Re: authenticated email

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Harald Tveit Alvestrand writes:
 > 
 > 
 > --On tirsdag, juni 03, 2003 09:20:24 -0700 Michael Thomas <mat@cisco.com> 
 > wrote:
 > 
 > > I, like you, suspect that authenticated email may
 > > be helpful in the spam wars, but this must not be
 > > viewed in isolation. "Authentication" begs the
 > > question of identity, trust in assertion,
 > > ownership of identity, and the motivation and
 > > foibles of third parties who would likely be
 > > needed to scale this to anything that would be
 > > useful.
 > >
 > > In particular, the latter is almost without
 > > exception a "be careful for what you wish for"
 > > situation. Centralization of power for naming and
 > > thus participation would be a very convenient tool
 > > to exclude undesirables. Today that's spammers,
 > > but where are the checks and balances? What
 > > prevents less worthy causes? How do you prevent an
 > > unreasonable accrual of power made real by virtue
 > > of being the path of least resistance for the
 > > great unwashed masses?
 > >
 > > Unless these issues -- and many more -- can be
 > > finessed, the cure might be worse than the
 > > disease.
 > 
 > I thought I'd try this....
 > 
 > is there any particular disadvantage or centralization of power implied in 
 > me signing this message with my PGP key?
 > 
 > If not, is there any particular reason that I shouldn't do this all the 
 > time?
 > 
 > It's not a solution, but is there a downside?

It depends on what you mean by signing. Signing a
message in and of itself ought not hurt anything
modulo software bugs, etc. But the real question
is what does the receiving program (MTA, MUA) do
with that signature? At the very least it could
verify the signature, but then what? If it doesn't
verify do you drop it? (transitive trust comes
into play, but most likely). Does it do anything
beyond that?

Let me ask something in return: do you think that
just the act of signing mail -- with no trust
roots implied -- could help? My sense is that it
might in a sow-the-seeds kind of way for some
later goodness (it's as you say not a solution).
I too would be happy to hear downsides.

      Mike
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]