ietf-asrg

Re: [Asrg] Proven solution for authenticating messages

2003-03-04 02:40:32
On Tue, Mar 04, 2003 at 12:50:25PM +0530, Prasenjeet Dutta wrote:

> It could also be because most PKI infrastructure is based on the X.509
> model, which (though scalable) requires folk needing a certificate to
> cough up cash to CAs like Verisign. Also, for secure personal
> communication (as opposed to electronic commerce), PGP has been arguably
> far more popular than S/MIME. Especially given its free, bottom-up 'web
> of trust' model, PGP may well succeed where the top-down X.509 has
> not.

PGP (as we know it) will never do this job, since it lacks the
structure that X.509 has. PGP trust is based on a cloud of friends and
acquaintances; you will never get a working trust structure covering
the world wide email network.

> Again, what is the goal of using TLS for email? Securing the messages?
> That opens up a new battle with the monitoring agencies. Or is it (from
> the anti-spam point of view) to let SMTP servers non-repudiably identify
> themselves? If this is the goal, then it can be done with far less
> overhead than TLS.

You miss the point. I didn't discuss the goal of TLS. 

What I wanted to say: That is a mechanism that already is 
implemented and widely spread. No need to install new software. 
And even that one is rarely used, because cryptography is still
too complicated for most mail admins. The very same problem 
will apply to the S/MIME approach once it is used outside a 
centralized organisation like the NZ gov. 


Secondly, the NZ S/MIME doesn't provide end-to-end security, only
relay-to-relay. The same effect can be achieved with TLS. TLS is
already available, but people simply don't use it.

> Digital signatures inserted by the *server* (not by the user, who should
> not have to bother with the complexity of this) to identify *itself*,
> using an RFC 2440 infrastructure, may be more successful in making
> individual SMTP servers identifiable and accountable for what they spew
> onto the Internet. Consider this fragment:

Again, you will never get a working PGP infrastructure reliably 
covering the whole e-mail world.

Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg