Authentication header format
nisse at lysator.liu.se
06 Oct 2004 17:52:19 +0200
Linus Nordberg <email@example.com> writes:
> Draft, section 5 suggests that a header is added to messages that are
> successfully authenticated.
> o Add a header field, recording the result.
> If no MAC is provided, or the MAC is invalid, the server may require
> a hash cash transaction, and it should delete any possibly faked
> header in the incoming mail, that says the MAC was valid.
> Any ideas on what the header should look like?
I'm thinking of something like
X-MTA-Hashcash: <mta> noauth
X-MTA-Hashcash: <mta> auth <keyid>
X-MTA-Hashcash: <mta> challenge-response <type> <difficulty>
but I haven't yet thought about it carefully.