Noel Chiappa wrote:
> > From: Michael Thomas <mat@xxxxxxxxx>
>
> > So I've never met you, Noel. And I certainly don't have any reason to
> > believe that this email I'm responding to wasn't forged.
>
> (Responding to the point of your message, rather than the actual words... :-)
>
> I think there are two parts to the problem: the first is "does this electronic
> identity correspond to a real person", and "how can that electronic identity
> securely post messages". (I assume that was your point, yes?)
>
> As to the first, something like a PGPmail web of trust would work. E.g. you've
> never met me, but you probably have met Dino or TLi, and they have met me, and
> can confirm (in both directions) that we're real.
>
> As to the second, well, basic email isn't terribly secure (alas); however,
> there are a number of heuristics. First, for any list I'm on, I will
> certainly notice if a fake "jnc" starts posting! And you can look at the
> Received-from: headers to make sure the email came from where it says it came
> from. And it's easy enough to track me down and call me on the phone (again,
> people you know can verify that the phone number is real). Etc, etc...
>
The point that I was trying to make is exactly that this is all rather
squishy
as you I'm sure agree with. Given the squishy nature of this, it seems
rather difficult to try to enforce broad authorizations (= anonymity vs.
consensus
in this particular case). I'm not even sure I understand what
"anonymity" means
in that particular context... that I can't google the email address and
get enough
confirming evidence of non-doghood? I suspect that if we ever tried to
codify
this sort of stricture, we'd soon wish we hadn't.
Mike, could be a dog too
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf