On Thu, 2007-01-25 at 21:46 -0700, Von Fugal wrote: > Ah turkey, now I feel silly. > I have heard of domainkeys but never really read up on it. I also seem > to recall several people speaking ill of it. Maybe I'm thinking of > S/MIME. > Anyway, I was thinking of something a bit simpler. Signing a few select > headers would be sufficient. For example From:/Sender:, To: and Date:
Signing just the headers would be naive. All it would tell you is that the headers originated from that domain. It says nothing about the content because you could alter, remove, or destroy the content without affecting the signed portion. You really have to sign the body as well. As with most things cryptographic, coming up with a new standard is rarely more secure or simpler than sticking with the tried and true. Domain Keys may be a relative newbie on the block, but it does have wide exposure and in theory should be more robust because of it. Corey /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
