Re: Authentication and email

[Paul Hoffman / VPNC <paul.hoffman@vpnc.org>]

At 10:46 AM -0800 2/3/03, Eric Rescorla wrote:
> Paul Hoffman / IMC <phoffman@imc.org> writes:
>
> >  At 9:33 AM -0800 1/31/03, Eric Rescorla wrote:
> >  >I'm not sure how you're drawing the distinction between providing
> >  >authentication for content and for senders.
> >
> >  None of the headers are authenticated by S/MIME and PGP; only the body is.
> So? Examining headers to determine who senders are is a bug,
> not a feature.
Right. I was responding negatively to a proposal that wanted to use 
S/MIME or PGP to authenticate mail senders.

We seem to be in strong agreement here.

--Paul Hoffman, Director
--VPN Consortium