Re: [Asrg] E-mail Postmarks
>>Do you have any figures for what proportion of messages have their bodies
>>mutilated passing through SMTP relays? Or is *some*, however few, too many
>>for you?
>
John Levine>It's all of them when the relay is MS Exchange. Keep this in mind
>when evaluating Bob's suggestions.
>
I guessed as much.
Signing for these purposes needn't be all that elaborate, and any "relay"
which mutilates the message by design *MUST* break the signature, while
canonicalisation would be designed to minimise the chance of accidental
breakage.
However, a single mutilating stage (as at a gateway) is easily accommodated
in a simple scheme: The mutilator should verify the sig before breaking it,
and re-sign the message, including its verification header (or whatever).
So we have a secure trace back to the first signer (if not mutilated) or to
the signer before the last mutilator (if we trust the mutilator), or not
(if sig doesn't verify).
So the minimum we require is the canonicalisation algorithm, a pair of
headers, and some per-domain public key retrieval mechanism. More than this
is likely over-design.
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
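
The verify-then-re-sign gateway scheme from the message above, sketched as an added example that is not part of the original post. The header names, domains and keys are assumptions, and HMAC with per-domain keys stands in for a public-key signature and its key retrieval mechanism.

```python
import hashlib
import hmac

# Constructed per-domain keys. HMAC stands in for a public-key signature so the
# example runs on the standard library alone; a real scheme would look up the
# signing domain's public key instead of sharing a secret.
KEYS = {"origin.example": b"origin-key", "gateway.example": b"gateway-key"}
SIG = "X-Postmark-Sig"            # hypothetical header: "<domain> <hex mac>"
VERIFIED = "X-Postmark-Verified"  # hypothetical header: signer the gateway checked

def canonicalise(body):
    """Absorb accidental damage: line endings, trailing spaces and blank lines."""
    lines = [ln.rstrip() for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "\n".join(lines).encode("utf-8")

def _mac(domain, headers, body):
    # The verification header is covered too, so it cannot be forged downstream.
    covered = headers.get(VERIFIED, "").encode() + b"\n" + canonicalise(body)
    return hmac.new(KEYS[domain], covered, hashlib.sha256).hexdigest()

def sign(domain, headers, body):
    out = {k: v for k, v in headers.items() if k != SIG}
    out[SIG] = f"{domain} {_mac(domain, out, body)}"
    return out

def verify(headers, body):
    """Return the signing domain if the signature verifies, else None."""
    domain, _, mac = headers.get(SIG, "").partition(" ")
    if domain not in KEYS:
        return None
    expected = _mac(domain, headers, body)
    return domain if hmac.compare_digest(mac.encode(), expected.encode()) else None

def gateway_rewrite(domain, headers, body, mutilate):
    """Verify before breaking the signature, then re-sign the altered message."""
    checked = dict(headers)
    checked[VERIFIED] = verify(headers, body) or "none"
    new_body = mutilate(body)
    return sign(domain, checked, new_body), new_body

def trace(headers, body):
    """Signers the recipient can rely on, most recent first ([] if sig fails)."""
    signer = verify(headers, body)
    if signer is None:
        return []
    prior = headers.get(VERIFIED, "none")
    return [signer] if prior == "none" else [signer, prior]
```

The second entry returned by `trace` is only as trustworthy as the gateway that vouched for it, which is the "if we trust the mutilator" condition in the message.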