On Fri, Aug 06, 2004 at 09:25:44AM -0700,
Hadmut Danisch <hadmut(_at_)danisch(_dot_)de> wrote
a message of 30 lines which said:
> HELLLOOOO. Wake Up!

Not at this time of the day.

> May I ask who in this working group has experience in designing
> security protocols?

Not me. Now, what's the security problem? The draft says that the
*client* SMTP must derive SUBMITTER from the 2822 headers and that the
*server* SMTP should check that they still match.
Besides a lazy server which understands SHOULD as "if you please", can
you present a scenario where SUBMITTER fails, because the bad guy
forged the 2822 headers (something which is easy to do, we know it, no
need to be a security expert)?
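
The server-side check this message refers to, as an added example that is not part of the original post or of the draft. The header priority is an assumption, simplified from the PRA algorithm later published as RFC 4407 (its rule about Received headers between Resent-* fields is omitted); the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed priority, simplified from the PRA algorithm (RFC 4407).
PRIORITY = ("Resent-Sender", "Resent-From", "Sender", "From")

def derive_responsible_address(raw_message):
    """Return the single mailbox the 2822 headers name as responsible,
    or None when the headers are ill-formed for this purpose."""
    msg = message_from_string(raw_message)
    for name in PRIORITY:
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if not values:
            continue
        if name.startswith("Resent-"):
            values = values[:1]      # topmost (most recent) resent block
        elif len(values) > 1:
            return None              # duplicate Sender/From header
        mailboxes = [addr for _, addr in getaddresses(values) if addr]
        if len(mailboxes) != 1 or "@" not in mailboxes[0]:
            return None              # zero or several mailboxes
        return mailboxes[0]
    return None

def normalize(addr):
    # Domains compare case-insensitively; local parts are left untouched.
    local, _, domain = addr.rpartition("@")
    return local + "@" + domain.lower()

def check_submitter(submitter, raw_message):
    """What the receiving server does with MAIL FROM ... SUBMITTER=<addr>:
    re-derive the address from the headers and compare."""
    derived = derive_responsible_address(raw_message)
    if derived is None:
        return (False, "no usable responsible address in headers")
    if normalize(derived) != normalize(submitter):
        return (False, "SUBMITTER %s != header address %s" % (submitter, derived))
    return (True, "match")

# Constructed sample messages.
ORIGINAL = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
FORWARDED = "Resent-From: list@forwarder.example\n" + ORIGINAL
DUPLICATE = "From: a@example.org\nFrom: b@example.org\n\nbody\n"

if __name__ == "__main__":
    for sub, m in [("alice@example.org", ORIGINAL),
                   ("alice@example.org", FORWARDED),
                   ("list@forwarder.example", FORWARDED)]:
        print(sub, check_submitter(sub, m))
```

The check only establishes that SUBMITTER and the headers agree with each other at the receiving hop; it says nothing about whether either is authorized.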