Re: RFC 2487 [5]: Suggest dropping of "TLS Required"- forbid and extensions of current standards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I agree that getting authentication into the email protocols is a good
thing, but TLS does not achieve much more than SPF/Sender-ID in that
respect. DKIM is a much better platform.

Not clear. As currently envisioned, DKIM doesn't address phishing because it basically says "I saw this message" rather than "I wrote this message". It doesn't authenticate transmission either because it doesn't record to whom the message was transmitted. So it addresses the spam problem only if you're willing to take a rather large leap of faith in reputation services that have no reliable basis with which to determine a domain's reputation, and a few other leaps of faith besides.

I think DKIM is fixable, but if it stays in its current form it will only delay adoption of effective anti-phishing and anti-spam solutions by a few more years. And several people in that proto-WG seem to think that getting agreement on something that people have blind faith in is more important than actually understanding whether and how it will solve any real problems.

Keith

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]