Mark Horn <[EMAIL PROTECTED]> writes:

> This is a pretty simple thing. All it does is check
> X-TMDA-Fingerprint in the original message. Then it recalculates
> it. If the recalculated fingerprint matches the original
> fingerprint, then it creates a new header, X-TMDA-Fingerprint-Match,
> and sets it to "Yes". If the fingerprints don't match, then it sets
> that header to "No".

A possible "hole" exists when someone finds one of your messages, and sends you a new message with those same headers, but a different body. It will get delivered since the fingerprint verification will succeed. To close this hole, you'd probably have to maintain a database of already verified fingerprints, and refuse to accept a fingerprint which is in there. For your purposes, this isn't necessary, but just wanted to make the point so people don't try to use this as is for a higher-security application.

BTW, do you want this added to contrib, or did you just circulate it for general perusal?

_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
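
An added illustration of the replay hole and the verified-fingerprint database described in this message; it is not TMDA code and not part of the original post. The HMAC-SHA256 construction, the covered header set, the key and the sample messages are assumptions made for the example.

```python
import hashlib
import hmac
import sqlite3
from email import message_from_string

KEY = b"constructed-demo-key"             # assumption: per-user secret
COVERED = ("Message-ID", "Date", "From")  # assumption: headers the fingerprint covers

def fingerprint(msg):
    """HMAC over the covered header values only; the body is never hashed."""
    data = "\n".join(str(msg.get(h, "")) for h in COVERED).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def header_check(raw):
    """The check from the quoted description: recalculate and compare."""
    msg = message_from_string(raw)
    claimed = str(msg.get("X-TMDA-Fingerprint", "")).strip()
    ok = hmac.compare_digest(claimed.encode("utf-8", "replace"), fingerprint(msg).encode())
    return ok, claimed

class ReplayGuard:
    """Remembers verified fingerprints and refuses any seen before."""
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS seen (fp TEXT PRIMARY KEY)")

    def check(self, raw):
        ok, claimed = header_check(raw)
        if not ok:
            return "mismatch"
        try:
            with self.db:  # commits on success, rolls back on error
                self.db.execute("INSERT INTO seen (fp) VALUES (?)", (claimed,))
        except sqlite3.IntegrityError:  # primary key hit: already accepted once
            return "replay"
        return "accept"

def make_message(body):
    """Constructed sample message carrying a valid fingerprint."""
    head = ("Message-ID: <demo@example.org>\n"
            "Date: Mon, 01 Jan 2001 00:00:00 +0000\n"
            "From: me@example.org\n")
    fp = fingerprint(message_from_string(head + "\n"))
    return f"{head}X-TMDA-Fingerprint: {fp}\n\n{body}\n"
```

A message reusing the same headers with a new body passes `header_check` but is refused by `ReplayGuard.check` once the original has been accepted.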
