spf-discuss

Re: [spf-discuss] PGP

2006-03-08 10:44:10

Scott Kitterman wrote:
> The flip side is simpler.  If one asserts that messages are always PGP
> signed, and you get one that lacks a PGP signature, then it's easy to
> know what to do with it.

Just to be clear, I'd like to add:

Of course if a message doesn't have _any_ PGP signature, not even an 
invalid one, it can be discarded/rejected if the SPF record requires some 
-- any! -- signature.

But invalid PGP signatures can of course be faked trivially (just use some 
constant string formally looking like a signature), so the mere presence 
of _some_ PGP signature (invalid or not) really doesn't mean anything.  
Thus, plain, key-id-less "pgp"/"smime" mechanisms/modifiers are useless.

> I look forward to your introductory message.

(For the record, it won't be about PGP specifically.)
