[Top] [All Lists]

Re: New Authenticated: header?

2005-03-10 10:14:52

On Wed March 9 2005 16:18, John Leslie wrote:

   If there were a header prepended at the time Authentication is done,
it would make it possible to use its result as input to (possibly
heuristic) filtering executed later; and _might_ open the door to a
future in which a limited trust could be given to Received: lines after
the first. 

   What do other folks think?

Some observations:
1. Message header fields can be trivially forged.
2. There has still been no concrete definition of precisely
   who or what is supposedly being authenticated, by whom,
   according to what criteria, or for what purpose.

First things first: first come up with a detailed definition for
the supposed "authentication", addressing the issues above.

Then, if and only if there is some reasonable purpose, there
might be some point in discussing how to pass information from
point to point.