Yakov,

At 11:46 AM 12/9/2003, Yakov Shafranovich wrote:
Is it fair to say that there may be many MTAs at the sender's domain, many at the receiver's domain, but there should at most be one MTA(i) in the forwarding path? From the standpoint of mail signing, might the multiple MTAs at the sender be considered as a single MTA and similarly for the receiver?

Markus Stumpf wrote:

Would there be a difference if the message is forwarded through a list, or is transferred via multiple MTAs?

On Mon, Dec 08, 2003 at 03:35:28PM -0500, Yakov Shafranovich wrote:

The signature attests to the fact that the domain name or server from which the message originated, is not forged.
*lol* I don't see any more security here as with a "paranoid" dns lookup. If I do a reverse DNS lookup and get a name and do a lookup of the name and get the IP I can assume #1 that it is correct.

#1 with drawbacks as to DNS spoofing and DNS security.

Now, if the sending MTA has a signature on the message and I use DNS to get the public key to verify the signature #1 from above still applies. So the win for using PKI and not paranoid DNS lookups is zero. [..]
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Be liberal in what you accept, and conservative in what you send" (Jon Postel)
-------
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg