From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Wed Sep 22 1999 - 05:21:53 CDT
> Date: Tue, 21 Sep 1999 18:30:59 +0200 (MET DST)
> From: Maurizio Codogno <mau@beatles.cselt.it>
> Subject: Re: Draft due in 6 weeks for IETF meeting.
> To: chl@clw.cs.man.ac.uk
> Content-MD5: gqOrUkYONiJm4k0DK7nlsw==
Not posted to the list, apparently.
>
>
> " I had no intention to change the syntax, but rather to be more insistent
> " that it had to have some resemblance to the true sender/originator of the
> " article (i.e. to outlaw "Approved: foo").
>
> I read alt.hackers just to lok at what they put in there :-)
>
> Seriously, do you believe that we'll eventually have authentication
> with the Approved: header or in another way? In the former case, it
> makes sense to me to add some syntax constraint on the header value,
> even if we will end up adding something else: otherwise, I don't see
> any use.
>
I think what I am aiming at is for all necessary plain text for a human to
be able to establish that approval came from some person that he believes
was authorised to give it should be in the Approved header.
If you then want to establish that the Approved header was created in a
proper manner, you include it in whatever digital signing of headers
scheme that is agreed upon. Thus people who do not have the time of
facilities to check the digital signature can at least read it and see
what is alleged to be the full story.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5