On Thu, May 06, 2004 at 02:29:19PM +0100, Tony Finch wrote:
| On Thu, 6 May 2004, Carl Hutzler wrote:
|
| > I tend to agree. I would love to see DK use an s/mime type
| > infrastructure given that so many email clients and servers do know
| > s/mime to come extent. Developers know it too. Might help to speed adoption.
|
| Correct me if I'm wrong, but S/MIME only covers the message content, not
| the header or envelope -- i.e. it omits the parts we need to be able to
| verify.
|
I thought all crypto signing schemes have some kind of email address/name
identifier that can always reliably override the "From:" header.
I mean, it's like signing a typed document --- which is more likely to
misspell my name, the typed document or my carefully formed signature?
So for 2822 authorship-verification purposes I thought S/MIME and PGP
would do; am I wrong? See http://www.antiphishing.org/smim-dig-sig.htm
PHB can probably comment authoritatively.
Maybe someone on the list who regularly sends with S/MIME could try an
experiment --- send a message to yourself, observe a successful S/MIME
check, then tweak the "From" header and see what happens. I know Mac
Mail supports S/MIME pretty well, that might be a good platform to
test with.
http://spf.pobox.com/slides/crossingbeams/0230.html