ietf-mailsig

Re: SSP - 3rd party Signers - Definition/Usage

2005-07-29 16:22:44


On Fri, 29 Jul 2005, Michael Thomas wrote:

That's essentially what the iim home/routing tag was about. A routing
signature was just a signature that says "I signed this because I felt
like it" rather than "I signed this because I want to take responsibility
for something".

What makes you think a malicious signer would be truthful? If you open your
system up and allow 3rd party signer signatures (i.e. mail lists) to be
a replacement for the original even though "d" and "i" in no way match, then you
invite somebody to use this hole to make it appear email is valid when
the actual domain providing authorization is something that just appeared
on the net in the last 24 hours.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
