I agree that getting authentication into the email protocols is a good thing, but TLS does not achieve much more than SPF/Sender-ID in that respect. DKIM is a much better platform.
Not clear. As currently envisioned, DKIM doesn't address phishing because it basically says "I saw this message" rather than "I wrote this message". It doesn't authenticate transmission either because it doesn't record to whom the message was transmitted. So it addresses the spam problem only if you're willing to take a rather large leap of faith in reputation services that have no reliable basis with which to determine a domain's reputation, and a few other leaps of faith besides.
I think DKIM is fixable, but if it stays in its current form it will only delay adoption of effective anti-phishing and anti-spam solutions by a few more years. And several people in that proto-WG seem to think that getting agreement on something that people have blind faith in is more important than actually understanding whether and how it will solve any real problems.
Keith