mail-vet-discuss

Re: [mail-vet-discuss] Draft as of 9/4/2007

2007-10-14 22:26:02
John,

> Anybody who picks up mail from more than one mailbox, which is a whole
> lot of people these days, is going to have to check that an AR header
> arrived via an appropriate path before believing it. Otherwise there's
> an obvious attack if one path manages AR headers and the other one
> doesn't.  Ditto people who forward an address on system A to system B,
> if A does AR and B doesn't. Once you're checking the path, it's a
> trivial amount of extra work to check another hop or two and look at
> AR's added farther away.

Wait a second!  More than one mailbox in the case you discuss means more
than one border gateway with differing sets of policies and is
inapplicable to what we're talking about here.

> If you want to strip off potentially useful AR headers, nobody can
> keep you from doing that, but don't pretend you're doing your users a
> favor when you do.


Well, it's not clear we are offering anybody any favors with this header
to begin with.  The game is likely lost by the time the message gets to
the user's desktop.  But given that we're here, you can believe that if
any sort of trust is invested in these headers by clients, then
administrators will want to limit the scope of that trust, mostly
because they'll be unable to verify the headers AND because end users do
far more stupid things than administrators.

Eliot
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 
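
The path check discussed in this thread, as an added example that is not part of the original message or of the draft: it keeps an AR header (taken here to be Authentication-Results) only if it sits above a Received line written by a trusted hop and carries a trusted authserv-id. The host names, the sample message and the function name `trusted_auth_results` are constructed for illustration, and it assumes each trusted MTA prepends its AR header above its own Received line and uses its host name as authserv-id.

```python
import email
import re

# Constructed message: mail for a user on mx.b.example, forwarded via
# mx.a.example. The third AR header was supplied by the sender and forges
# the authserv-id of mx.b.example.
SAMPLE = """\
Authentication-Results: mx.b.example; spf=pass smtp.mailfrom=a.example
Received: from mx.a.example by mx.b.example; Sun, 14 Oct 2007 22:20:03 +0000
Authentication-Results: mx.a.example; dkim=pass header.d=sender.example
Received: from mail.sender.example by mx.a.example; Sun, 14 Oct 2007 22:20:01 +0000
Authentication-Results: mx.b.example; dkim=pass header.d=bank.example
Received: from unknown by mail.sender.example; Sun, 14 Oct 2007 22:20:00 +0000
From: someone@sender.example
Subject: constructed test message

body
"""

BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)


def trusted_auth_results(raw, trusted_hosts):
    """Return AR header values added by hops listed in trusted_hosts.

    Assumption: a trusted MTA prepends its AR header above its own Received
    line and uses its host name as authserv-id.
    """
    kept, pending = [], []
    # Headers are read top-down, i.e. from the most recent hop backwards.
    for name, value in email.message_from_string(raw).items():
        name = name.lower()
        if name == "authentication-results":
            tokens = value.split(";", 1)[0].split()
            if tokens and tokens[0].lower() in trusted_hosts:
                pending.append(value)
        elif name == "received":
            match = BY_HOST.search(value)
            if not match or match.group(1).lower() not in trusted_hosts:
                break  # path leaves the trusted hops; ignore everything below
            kept.extend(pending)  # these were added at or after this hop
            pending = []
    # AR headers still pending here arrived with the message and are dropped.
    return kept
```

Trusting only `mx.b.example` is the single-border case; adding `mx.a.example` is the "another hop or two" case, and in both the forged header below the last trusted Received line is discarded.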
