Re: How Not To Filter Spam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Vernon Schryver wrote:
> 
> > From: Ed Gerck <egerck@xxxxxxx>
> 
> > > If a complete stranger is the sender of an incoming message, then
> > > crypto keys are irrelevant to determining the message is unsolicited
> > > bulk.
> >
> > No. In PGP, for example, I accept a key based on who signed it and
> > when. If I can trust the signer(s), I may use a key from a stranger.
> 
> That sounds like the old "authentication solves spam" hope.  It was
> wrong before SMTP-AUTH and it is still wrong.  If the sender is a
> stranger, then by the definition of "stranger" you can know nothing
> more than that the key works. 

It seems that you're not a PGP user. A signed PGP key has more useful 
information than just the key value. PGP keys can and should be signed 
by the key-holder and by one or more introducer(s). If you can trust 
those signer(s) as introducer(s), you may use a key from a stranger.  

BTW, this has nothing to do with "authentication solves spam". Spam is a 
complex problem that can only be solved by an array of measures where, 
IMO, PK encryption is more useful than PK signatures.

> > > The PGP mantra that a good key does not imply that the sender or the
> > > message is good applies here.
> >
> > Define "good key" and you'll define what the key is good for.
> 
> The ancient PGP mantra refers to keys that "work," as in the results
> of decoding using the indicated public keys yield a valid messages.

No, this is not how PGP keys should be accepted and considered "good".
Of course, since the rules of PGP are user-centric, you may define
whatever you want as "good keys".


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]