Re: Automatically signing outgoing email

in reply to Automatically signing outgoing email

I assume that there is no way for userA to inject mail as userB into the system (as you can using SMTP, for example). If you cannot gaurantee this, then you are just signing that you think the user who generated this message is userB.

The closer you can put the signing to the user, the less likely someone else was able to inject a bogus message into the stream, and the more confidence you can have in the signature.

--MidLifeXis

Comment on Re: Automatically signing outgoing email

Replies are listed 'Best First'.
Re: Re: Automatically signing outgoing email by mpeppler (Vicar) on Dec 05, 2003 at 22:43 UTC
I fully understand these issues - I think I can tie down the SMTP server to limit the risk of someone sending mail as someone else and subverting the signature. Though as you point out I'm not 100% sure that the whole thing is such a great idea, and maybe it'd be better to add the signing to the email sending process. Michael	[reply]

In Section Seekers of Perl Wisdom