[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication and email

To: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: Authentication and email
From: Eric Rescorla <ekr@rtfm.com>
Date: 03 Feb 2003 10:46:07 -0800
Cc: wgchairs@ietf.org
In-reply-to: <p05210234ba606fe32ed5@[165.227.249.18]>
References: <3E354398.BF1D5575@lmf.ericsson.se><611987020.1043699189@localhost> <3E3674FA.202781D7@lmf.ericsson.se><674756478.1043761959@localhost> <3E369EAE.80761DAC@lmf.ericsson.se><p05210219ba5e0c696c00@[165.227.249.18]><kju1fpz0jf.fsf@romeo.rtfm.com><p05210234ba606fe32ed5@[165.227.249.18]>
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)

Paul Hoffman / IMC <phoffman@imc.org> writes:

> At 9:33 AM -0800 1/31/03, Eric Rescorla wrote:
> >I'm not sure how you're drawing the distinction between providing
> >authentication for content and for senders.
>
> None of the headers are authenticated by S/MIME and PGP; only the body is.
So? Examining headers to determine who senders are is a bug,
not a feature. Sender authentication is provided by cryptographic
signature of the content.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/

Follow-Ups:
- Re: Authentication and email
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>
- Re: Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>
- Re: Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Paul Hoffman / IMC <phoffman@imc.org>
- Re: Authentication and email
  - From: Eric Rescorla <ekr@rtfm.com>
- Re: Authentication and email
  - From: Paul Hoffman / IMC <phoffman@imc.org>

Prev by Date: UPDATE: IESG Telechat for February 6, 2003
Next by Date: Formal language policy statement
Previous by thread: Re: Authentication and email
Next by thread: Re: Authentication and email
Index(es):
- Date
- Thread