Carl L. Gilbert
Wed Aug 6 21:15:01 2003
On Wed, 2003-08-06 at 13:09, Adrian 'Dagurashibanipal' von Bidder wrote:
> Strongly disagree. Mail headers are for communication between MUAs mostly=
> Communication between MTAs should (and in the vast majority of cases does=
> only ever add new headers, but not interpret any old headers - that is wh=
> have an envelope, after all.
But its the MTAs that are adding the headers. not the MUA. So how can
a MUA sign something 'before' many of its headers are even added to it!?
What about all those spam headers? You want to split it into a list of
untouchable headers? Here you are talking about modifying what can
legally be added, and by whom. This is within the scope of the mail
'system' and not the mail itself.
This is not to say the 'system' can not adopt a method of signing since
its the originators of the data. but again, thats not the MUA.
besides, before you even go here don't you need to first secure the mail
server and your communication with it? How are you even certifying that
what you signed as to go to person X and from person Y is actually send
there or actually came from there? Their are holes in that system that
the MUA has no authority to attest to.
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org (Encryption and Digital
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----