On Dec 22, 2005, at 12:06 PM, Frank Ellermann wrote:
Douglas Otis wrote:
DKIM should be seen as aspect of the SMTP transport.
It could also work for news if we get the FWS canonicalization right.
Agreed. The presence of the signature should not impose limitations
upon what content (email-address) is carried.
Schemes related to the email-address such as S/MIME or OpenPGP are
designed to support email-address limitations.
Maybe they missed the point, mail without signature. A simple way
to publish that all mails claiming to be from X are spam if they
don't have X's signature. [ I'm just spamcop-ping 36 phishes
claiming to be from my bank, hilarious ]
If the MTA or MUA cached assurances (bindings) found in messages
indicating this message should always be signed, then the only
additional lookup needed would be to confirm continuation of the
assurance when such a message is found lacking the signature. The
caching required to mitigate most abuse could be simply a list of
domain names held within a local DNS zone. Once recognition at the
MUA becomes widely deployed, caching at the MTA would be redundant
and not needed.
For SSP, there is a policy search walking up DNS label trees for
nearly each and every email received, and will likely lead to
coercion to increase the number of domains publishing records. As an
alternative, the recognition approach allows incremental deployment.
For many domains, a closed-policy will be disruptive and yet an
open-policy will likely damage their reputation. The binding approach
does not incur the overhead, risk reputations, or require coercion to
mitigate policy overhead.
-Doug
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf