Re: [Exim] Yahoo DomainKeys...

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
MJames P Roberts en <-
MClaus Assmann en ->
Delete this message
Reply to this message
Autor: Andre Grueneberg
Data:  
A: James P Roberts
CC: David Woodhouse, Matthew Byng-Maddick, exim-users
Assumpte: Re: [Exim] Yahoo DomainKeys...
--
James P Roberts wrote:
> Why bother signing the message DATA at all? Do we really need to verify
> unchanged contents? Aren't we just trying to confirm that the connecting
> host is legitimate to be sending it? Why not only sign the headers?

To prevent replay attacks?! Otherwise a spammer could take the signed
header lines and add another body. At least I would, if I were a
spammer. ;)

Andre
--
Scotty, beam me arghhhh !
--
Content-Description: Digital signature

[ signature.asc of type application/pgp-signature deleted ]
--


Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [Exim] Yahoo DomainKeys...Re: [Exim] Re: [SA-exim] local_scan is crashing (log_write crash)->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)