On Tue, 10 May 2005, Hector Santos wrote:
Off hand, I think I see a potential of DMTP becoming a source of phishing.
Once the user authorizes the intent, how to you control that a different
final body of message with different intent is not delivered?
You could include in the message ID a hash of the message, which the
client can use to verify that the offered message corresponds to the
message that was received.
(Note: Adding this feature does not prevent stateless spam servers because
they can still use other information in the opaque part of the message ID
to generate spam consistent with the hash on the fly.)
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.