On 6/30/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
OK, I see now that you want to unconditionally trust the MSA *and* all hosts after it. Which is reasonable if the MSA is just an MSA. For whatever reason you don't want to rely on auth tokens, etc. Seems reasonable to me.
That would mean that SA must be able to verify the Received: chain as far back as the MSA, wouldn't it? Otherwise forging a Received: for the MSA would bypass all the network checks.
