On July 27, 2005 at 22:52, "Arvel Hathcock" wrote:
How can a policy lookup be avoided with each and every verification if the purpose of the policy semantics are to "allow the sender to describe their signature policy in sufficient detail that the lack of a signature header that complies with the policy can be understood to indicate a forgery." How can a verifier know whether a signature "compiles with the policy" unless it query for the policy always?
BINGO! --ewh
Previous by Date: | Re: Better DKIM Verification Example Needed, Arvel Hathcock |
---|---|
Next by Date: | Re: Spoofing revisited, Earl Hood |
Previous by Thread: | Re: alternate key server mechanisms, Arvel Hathcock |
Next by Thread: | RE: alternate key server mechanisms, Dave Crocker |
Indexes: | [Date] [Thread] [Top] [All Lists] |