> If it's truly a cardboard box, why not say, "Don't put a lock on this!"?
Lawyers, of course. But having talked to some of the people who do redaction, it's not quite as stupid as it might seem. The party that originally sent the mail can in most cases figure out who they sent message to, either by comparing logs or by looking at other clues in the message. People who didn't send the message generally can't. So in the not uncommon case that you're sending FBL data to a provider which has customers who run their own mail servers, the customers who sent the mail can de-redact if the provider forwards them the reports. The provider can't, but can still use the hash to help figure out whether their customers are misbehaving. >So could someone explain why choosing HMAC is any more silly than doing >the hash? Or why there is any objection to doing HMAC (since it isn't >hard to do)? It just seems pointless. The suggestions for key rotation were actively misguided. R's, John _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
