ietf-822
[Top] [All Lists]

Re: authenticating the source of mail

2002-05-11 14:01:40

Historically, the approach to "secure" mail has been to provide mechs that
let a receiver validate the identity of the sender, but I am really
wondering if this isn't inappropriate in the majority of the cases.

In the paper-based world, we "trust" the delivery system, and do not
normally attempt to validate the supposed sender of the materials. 

That's only because snail-mailed bombs and anthrax have been relatively 
rare.

I *wish* we could make the same statement about email viruses.

However, I do think that some form of verifable source authentication,
if it were widely-enough deployed, might be useful in deterring viruses 
even if it doesn't always identify the exact person who sent the message.
Being able to pin down the source to a "small enough" organization 
or set of people might be enough, and achieving that might be much easier
than trying to authenticate every single possible individual sender. 

Keith