[Enigmail] Signing message headers [was: X-PGP-Sig support]

Andrzej Filip anfi at onet.eu
Tue Dec 18 04:42:32 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:
>> I've pondered various times the idea of mailservers signing certain key
>> headers in each message they originate or relay.  It would enable
>> unambiguous identification of the real source or injection point of any
>> spam with headers forged to conceal its origin. 
> 
> It would only allow identification of those mailservers that supported
> this new feature.  Spammers would instead use spam-friendly mailservers
> that were not configured so.

It would ease extending "trusted Received: headers" to one more *group*,
e.g. if your mail server receives a message from a site you trust that
generates more than one Received: header, you will know who threw the bad
egg into the site you trust.
[X-PGP-Sig does not support signing a subset of Received: headers]

> Also, signatures are phenomenally expensive, from a CPU cycle
> perspective.  Doing one signature per message would bring high-volume
> servers to their knees.

Unlike many other activities, message signing does not have to happen
while servicing the incoming SMTP session. It is easy to use "throughput
averaging" for signing.
BTW, signing may use pretty short "one day" keys signed by a long
"master key".

> [...]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHZ8A0qmxEvGofXN0RAuNFAJ9MR9LIOdbGwPLgQN/LUXM519YgsQCfVThR
+gGWzeagyUsvB/Uef4rz7J8=
=ZoyU
-----END PGP SIGNATURE-----
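
The "one day" key signed by a "master key" arrangement from the message above, as an added example that is not part of the original post or of Enigmail. It assumes Ed25519 from the Go standard library as a stand-in for OpenPGP signatures; the names DayKey, Certify, SignReceived and Verify and the sample header and time values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// DayKey is a short-lived public key vouched for by the long-lived master key.
type DayKey struct {
	Pub     ed25519.PublicKey
	Expires int64  // Unix time after which verifiers reject the key
	Cert    []byte // master signature over certBody(Pub, Expires)
}

func certBody(pub ed25519.PublicKey, exp int64) []byte {
	return []byte(fmt.Sprintf("%x|%d", pub, exp))
}

// Certify is the only step that uses the master private key (once per day key).
func Certify(master ed25519.PrivateKey, pub ed25519.PublicKey, exp int64) DayKey {
	return DayKey{pub, exp, ed25519.Sign(master, certBody(pub, exp))}
}

// canon unfolds each covered Received: header and joins them in order.
func canon(received []string) (out []byte) {
	for _, h := range received {
		out = append(out, strings.Join(strings.Fields(h), " ")+"\r\n"...)
	}
	return out
}

// SignReceived signs only the Received: headers the trusted site itself added.
func SignReceived(day ed25519.PrivateKey, received []string) []byte {
	return ed25519.Sign(day, canon(received))
}

// Verify checks master -> day key -> headers and rejects expired day keys.
func Verify(master ed25519.PublicKey, dk DayKey, received []string, sig []byte, now int64) bool {
	certOK := ed25519.Verify(master, certBody(dk.Pub, dk.Expires), dk.Cert)
	return now <= dk.Expires && certOK && ed25519.Verify(dk.Pub, canon(received), sig)
}

func main() {
	mPub, mPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	dPub, dPriv, _ := ed25519.GenerateKey(nil)
	h := []string{"Received: from mx1.site.example by mx2.site.example"} // constructed
	fmt.Println(Verify(mPub, Certify(mPriv, dPub, 200), h, SignReceived(dPriv, h), 100))
}
```

A receiving server only has to pin the master public key; a leaked day key stops being accepted once its expiry passes.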

