ietf-mailsig

Re: Most recent sender.

2005-01-14 17:32:21

On Fri, 2005-01-14 at 19:48 +0000, John Levine wrote:
> Well, the signature can say which address it signed.

That's not sufficient though, surely?

If you get a message with 'Resent-From: dwmw2(_at_)infradead(_dot_)org' and
'Sender: owner-ietf-mailsig(_at_)imc(_dot_)org', where the address
'dwmw2(_at_)infradead(_dot_)org' has published that it'll always sign mail but
there's no valid signature from that address... do you accept that mail?

The answer is that you should accept it if the Resent-From: header is
newer than the Sender:, but not if the Sender: is newer. If you can't
decide which is newer you have to give the benefit of the doubt.

A real person would obviously look at the RFC2821 sender address but
we've decided we don't want to use that.

-- 
dwmw2


