Re: a header authentication scheme

[Bruce Lilly <blilly@xxxxxxxxx>]

On Thu October 21 2004 22:34, Laird Breyer wrote:

> In another post, I mentioned possibly extending the RFC 2822 date-time stamp
> to include microseconds.

Two problems:
1. date-time is pervasive; it is used in many places in addition to
   time stamp lines
2. while providing seconds was once mandatory (RFC 821), it is
   now optional (RFCs 2821/2822). So you might not even have
   seconds.  You seem to want to buck the trend.

> > 2. Quoting the "with" ID may provide protection, depending on whether 
> > the ID is guessable.
> > 
> 
> Yes. From the RFC, this is optional. Do you know any good reasons why the ID 
> might not be added to a Received line sometimes? 

Umm, because it is optional.  Past implementations have associated
the identifier with a set of files used in store-and-forward
processing.  In some cases, messages might be handled w/o
any associated file storage, therefore no need for an id.

There also appears to be some confusion between "with"
(which specifies a protocol (SMTP, ESMTP, LMTP, etc.) and
"id" which provides an identifier of some sort (RFCs
821/822/2821/2822 all differ on what is allowed).