From: Ralph Babel (rbabel@babylon.pfm-mainz.de)
Date: Sun Oct 14 2001 - 06:40:42 CDT
Seth Breidbart wrote:
> It's easy to fake a signature that will fool anybody whose
> software doesn't check them, which is just about everybody.
So obviously that software needs to be fixed, and an
authentication RFC (preferably covering _all_ RFC-2822-based
formats) should provide the technical basis for this. Not a
news issue, though, so let's move on.
>> why did the "site admin" give the poster
>> permission to post in the first place?
>
> He didn't know better, the poster lied on his application.
So obviously the application procedure needs to be fixed.
That's more of a legal issue and not something an RFC can
provide, so I'd suggest you take your straw man elsewhere.
>> If the so-called "spam attack" doesn't carry a valid
>> signature, everyone can recognize that it didn't
>> come from "your site". Not a cancel issue.
>
> For a very small value of "everybody".
So - assuming we had an authentication RFC - obviously
too many people use broken software, which would be
a social issue that cannot be addressed by an RFC.
Next topic, please.