Autor: Andre Grueneberg Data: A: James P Roberts CC: David Woodhouse, Matthew Byng-Maddick, exim-users Assumpte: Re: [Exim] Yahoo DomainKeys...
--
James P Roberts wrote: > Why bother signing the message DATA at all? Do we really need to verify
> unchanged contents? Aren't we just trying to confirm that the connecting
> host is legitimate to be sending it? Why not only sign the headers?
To prevent replay attacks?! Otherwise a spammer could take the signed
header lines and add another body. At least I would, if I were a
spammer. ;)
Andre
--
Scotty, beam me arghhhh !
--
Content-Description: Digital signature
[ signature.asc of type application/pgp-signature deleted ]
--