On Tue, Apr 06, 2004 at 12:16:52PM -0700, Mark Baugher wrote:
> At 11:54 AM 4/6/2004, Markus Stumpf wrote:
> > Maybe I'm missing something here, but isn't that exactly what PGP and
> > S/MIME does? (ok, it validates the user, not only the domain)
>
> No, I don't believe either of these include the From or any header in the
> integrity check of the mail message. At least I don't believe PGP does.

PGP does not check the fields as it only sees the signature, but in the
signature you can store (even multiple) email addresses:

    pub 2048R/644A1C35 1996-07-03 Markus Stumpf <maex(_at_)leo(_dot_)org>
    uid Markus Stumpf <maex(_at_)lamer(_dot_)de>
    uid Markus Stumpf <maex(_at_)space(_dot_)net>
    uid Markus Stumpf (LEO) <stumpf(_at_)leo(_dot_)org>
    uid Markus Stumpf <stumpf(_at_)informatik(_dot_)tu-muenchen(_dot_)de>

S/MIME signatures also contain names and e-mail addresses.
Of course it is in the area of responsibility of the MUA to make the
interconnection between the 2822.from and the information derived from
the signature.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
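
The check the message leaves to the MUA, comparing the 2822 From address with the addresses carried in the signer's user IDs, sketched as an added example that is not part of the original post. The function names, the sample user IDs and the "exactly one From mailbox" policy are assumptions of this example, and the signature is assumed to have been verified already.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data: user IDs as they would appear on a verified
# signing key (placeholder domains, not the addresses from the post).
SIGNER_UIDS = [
    "Alice Example <alice@mail.example>",
    "Alice Example (work) <a.example@Corp.Example>",
    "Alice Example",  # a user ID without an address binds nothing
]

def normalize(addr):
    """Lower-case the domain; the local part is left as written."""
    local, sep, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}" if sep and local and domain else None

def uid_addresses(uids):
    """Collect the <addr-spec> at the end of each user ID, if present."""
    found = set()
    for uid in uids:
        m = re.search(r"<([^<>\s]+)>\s*$", uid)
        addr = normalize(m.group(1)) if m else None
        if addr:
            found.add(addr)
    return found

def from_matches_signer(raw_message, signer_uids):
    """Return (ok, reason) for the From header versus the signer's user IDs.

    Assumes the signature itself was already verified elsewhere.
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", [])
    if len(headers) != 1:
        return False, "need exactly one From header"
    # Only the addr-spec counts; the display name is free text.
    addrs = [normalize(a) for _, a in getaddresses(headers)]
    if len(addrs) != 1 or addrs[0] is None:
        return False, "From must carry exactly one mailbox"
    if addrs[0] not in uid_addresses(signer_uids):
        return False, f"{addrs[0]} is not among the signer's user IDs"
    return True, f"{addrs[0]} matches a signer user ID"
```

A match says only that the From address is one the key holder claims; whether the key itself is trusted for that address is a separate decision.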