-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Jan 8, 2007, at 6:02 PM, Jim Lester wrote:
So I like the ability to have multiple identities but right now its
a huge security risk to have enable the way I see it. Since there
is no indication in the header of the original username, and also
no check to authorize the user for the address they are adding, I
just can't allow my users to have that option. It wont even be a
day before people start sending emails out as me and as the
officers. Does anybody else share this sentiment? If so, I propose
that there needs to be 1) a simple way to disable it and 2) a way
to force RC to put the original identity into the headers of the
outgoing message. Thanks.
So you're saying you want to change how email works?
The 'problem' you're describing applies to just about any mail client
that an end user has to configure. Desktop or otherwise.
Of course, we could always come up with a way to embed a digital
signature on emails so we could verify identities. That way we could
ensure that messages are indeed from who they claim to be and that
content has been unmodified. Actually, if both parties exchanged keys
prior to the email, then we could encrypt the entire message. Of
course this would rely on some fairly advanced cryptography, but the
resulting privacy and identity verification would be pretty good.
Oh... wait...
J.