if you only sign the 'from' address it can be reused.
b
Serge Knystautas wrote:
bill parducci wrote:
if you don't sign the whole message this can be easily forged.
What do you mean? I'm talking about having the server use it's cert to authenticate instead of the user using his/her cert? How does this relate?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
