Re: a few short notes



On 2/2/2004 10:49 AM, Chuq Von Rospach wrote:

If I try to hand you a message from Bill(_at_)microsoft(_dot_)com, SPF could 
tell 
you whether to accept it if I claimed it was generated on my site, but 
what if I claimed it was generated on microsoft's server and (acting as 
a man in the middle) that it's being relayed through me?


That's why you need to validate the path also. Having per-hop recursive
signatures of a canonical sender certificate would give recipient systems
the ability to validate each hop individually as well as the sender's
identity, separately or individually. It would also give recipients the
ability to filter against problematic hosts, and not just senders.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

<Prev in Thread]	Current Thread	[Next in Thread>
Re: a few short notes, (continued) Message not available Re: a few short notes, Chuq Von Rospach Anonymity, Jacob Palme Re: a few short notes, Martin Duerst Re: a few short notes, James Craig Burley Re: a few short notes, Jari Arkko Re: a few short notes, Eric A. Hall Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Re: a few short notes, Paul Smith Chains of trust vs. PKI, Paul Crowley Re: a few short notes, Eric A. Hall <= Re: a few short notes, Iljitsch van Beijnum Re: a few short notes, Paul Smith Re: a few short notes, Martin Duerst

Previous by Date:	Chains of trust vs. PKI, Paul Crowley
Next by Date:	Re: a few short notes, Martin Duerst
Previous by Thread:	Chains of trust vs. PKI, Paul Crowley
Next by Thread:	Re: a few short notes, Iljitsch van Beijnum
Indexes:	[Date] [Thread] [Top] [All Lists]