On 25/10/2013 19:30, Brandon Long wrote:
> Given that you can only trust the last Received header, I'm not clear
> what is accomplished.

Maybe not much, but this is a similar issue to the one a 'mandatory TLS'
spec has - if you don't trust an MTA, you just don't trust it, period.
If A sends a message to B and you know it only goes through trusted
MTAs, then a header saying 'this message was sent over TLS' can be trusted.
If you don't know if it only goes through trusted MTAs, then it doesn't
matter whether it was sent over TLS or not; the message has potentially
been compromised (unless it has end-to-end encryption).
Paul Smith Computer Services
ietf-smtp mailing list
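
The trust argument in this message, as an added example that is not part of the original thread: a receiver walks the Received headers newest-first and believes a TLS claim only while every header was written by a trusted MTA that the previous believable header names as its peer. The host names, the trusted set and both sample messages are constructed, and the check assumes trusted MTAs record an authenticated peer name in the "from" clause.

```python
import re
from email import message_from_string

# Assumption: hosts this site operates and trusts to write honest Received
# lines, and to record an authenticated peer name in the "from" clause.
TRUSTED_MTAS = {"mx.example.org", "relay.example.org"}
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 "with" values

FROM_RE = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.I)
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)

def assess_tls_path(raw_message, trusted=TRUSTED_MTAS):
    """Return which hops can be believed and whether the TLS claim covers the path."""
    received = message_from_string(raw_message).get_all("Received", [])
    believed = []           # (writer, used_tls) for headers we can believe
    expected_writer = None  # peer named by the previous believable header
    for i, value in enumerate(received):  # newest header first
        flat = " ".join(value.split())    # unfold continuation lines
        by, frm, proto = BY_RE.search(flat), FROM_RE.search(flat), WITH_RE.search(flat)
        writer = by.group(1).lower() if by else None
        # Stop at the first header not written by a trusted MTA, or not
        # vouched for by the hop above it: everything below may be forged.
        if writer not in trusted or (i > 0 and writer != expected_writer):
            break
        used_tls = bool(proto) and proto.group(1).upper() in TLS_KEYWORDS
        believed.append((writer, used_tls))
        expected_writer = frm.group(1).lower() if frm else None
    whole_path = bool(received) and len(believed) == len(received)
    return {
        "believed_hops": believed,
        "whole_path_trusted": whole_path,
        "tls_claim_trustworthy": whole_path and all(tls for _, tls in believed),
    }

# Constructed sample: every hop is a trusted MTA and used TLS.
ALL_TRUSTED = (
    "Received: from relay.example.org by mx.example.org with ESMTPS id 2\n"
    "Received: from client.example.net by relay.example.org with ESMTPSA id 1\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample: an untrusted relay handed over a header claiming TLS.
VIA_UNTRUSTED = (
    "Received: from mail.untrusted.example by mx.example.org with ESMTP id 9\n"
    "Received: from client.example.net by relay.example.org with ESMTPS id 8\n"
    "Subject: test\n\nbody\n"
)
```
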