mail-vet-discuss

Re: [mail-vet-discuss] Last Call: draft-kucherawy-sender-auth-header (Message Header Field for Indicating Message Authentication Status) to Proposed Standard

2008-11-25 15:08:09
On Mon, 24 Nov 2008 15:43:37 -0000, Victor Duchovni  
<Victor(_dot_)Duchovni(_at_)morganstanley(_dot_)com> wrote:

And full marks to you for including the correct Reply-To in your message!

Since nested messages can and often are saved to external storage,
and then opened as stand-alone messages, one should perhaps also be
suspicious of messages not stored in the user's mailbox.

Headers in an included message are merely evidence of the state of that  
message when it was received. So, for example, if you are attaching it as  
part of a message to your MTA admin when discussing with him the  
goodness/badness of his service, then that header may be quite useful to  
that admin for working out what did/didn't go wrong during its original  
delivery. So, for sure, it should be left there intact.

And if I forward to you a message that I have received, then you may well  
wish to inspect it closely if it looks suspicious to you, and you might  
even want to draw my attention to the absence of that header as evidence  
of your suspicions.

Messages (that have Authentication-Result headers) may of course also
be found in NNTP posts, HTTP downloads, and so on. It is likely difficult
to close down all the side-channels which bypass the scrutiny of MTAs
that remove forged Authentication-Result headers.

Some methods of authenticating messages (most notably DKIM) would be  
entirely appropriate for use over NNTP, and the news server that finally  
delivered it to you could quite properly add that header (having removed  
any such headers added by earlier servers in the Path). DKIM might well  
become fashionable as a means of authenticating Usenet articles, whether  
or not the Netnews standards ever get around to making it official. So you  
can't dismiss all such things as mere "side channels".

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 
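
The thread's two points, as an added example that is not part of the original messages: a border MTA removes top-level Authentication-Results fields that claim its own identifier, while the same field inside an attached message is left intact as evidence only. The authserv-id `mx.example.org`, the function names and the sample message are assumptions constructed for illustration, and the id parsing ignores header comments.

```python
import email

LOCAL_ID = "mx.example.org"  # assumed authserv-id of the receiving border MTA
# Constructed sample: a forged top-level field plus a forwarded (nested) message.
SAMPLE = """\
Received: from relay.example.net by mx.example.org
Authentication-Results: mx.example.org; dkim=pass header.i=@example.com
Authentication-Results: other.example.net; spf=pass
Content-Type: multipart/mixed; boundary="b1"

--b1

See attached.
--b1
Content-Type: message/rfc822

Authentication-Results: mx.example.org; dkim=fail header.i=@example.com

original body
--b1--
"""

def authserv_id(value):
    # The authserv-id is the first token, before the first ';'.
    head = value.split(";", 1)[0].split()
    return head[0].lower() if head else ""

def strip_forged(msg, local_id=LOCAL_ID):
    """Drop top-level Authentication-Results fields that claim our own id."""
    items = msg.items()
    for name in {n for n, _ in items}:
        del msg[name]
    removed = 0
    for name, value in items:
        if name.lower() == "authentication-results" and authserv_id(value) == local_id:
            removed += 1               # arrived from outside, so we never wrote it
        else:
            msg[name] = value          # re-add everything else in original order
    return removed

def nested_results(msg):
    """Fields inside attached messages: never stripped, never trusted, evidence only."""
    return [v for p in msg.walk() if p.get_content_type() == "message/rfc822"
            for v in p.get_payload(0).get_all("Authentication-Results", [])]

def demo():
    msg = email.message_from_string(SAMPLE)
    removed = strip_forged(msg)
    return removed, msg.get_all("Authentication-Results"), nested_results(msg)
```

A reader of the delivered message should rely only on top-level fields carrying the local id that the MTA adds after this step; the nested field survives for diagnosis, as the reply argues it should.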
