Re: sender vs author, channel vs object, designated sender vs crypto sig

Meng Weng Wong wrote:
> On Thu, Mar 18, 2004 at 07:04:04PM -0800, Mark C. Langston wrote:
> | > 
> | > While designated sender schemes can be used for fight header forgery 
> | > (like CID does), they might be breaking too many things. The question we 
> | > should be asking is whether we should be verifying the "from" header, 
> | > not whether proposal X is better. 
> | 
> | Indeed.
> | 
>
> OK, what is your answer?
You can choose to verify the "from" header in all cases like Phil is 
pushing, you can can verify the "from" header in *some* cases like you 
original proposal, or can choose *not* to verify it. Case #1 breaks too 
many things, case #2 might work but is likely not to be followed when 
implemented, and case #3 does not stop header forgery at all.
HOWEVER, the main problem with header forging is fooling the user. If 
the MUA can indicate to the user that a message is suspicious perhaps by 
displaying the "Return Path" header OR comparing the "Return Path" to 
the "from" header, and simply putting a question mark somewhere; that 
might be something useful.
Even if you are only verifying the MAIL FROM, you did accomplish 
something - the "Return Path" header in the mail message itself is now 
verified and can be relied on (assuming you can deal with the forged 
ones by removing them). Now that you verified it, you can build on that 
fact.
Yakov