Raymie Stata wrote :
Instead of authenticating senders, what if we authenticated
sender-domains, leaving it to domains to authenticate senders (or not)?
Well I agree. That's what my original post "[Asrg] Proven solution for
authenticating messages" described:
The New Zealand government has developed a specification for securing
Internet email (authentication/encryption/integrity),
between agencies, using S/MIME gateways.
http://www.e-government.govt.nz/see/mail/index.asp
The specification is an interpretation of several RFCs:
http://www.e-government.govt.nz/docs/see-mail-bus-req-2-2/chapter1.html
This system is in use by over 50% of government agencies in New Zealand
already. Agencies have chosen to implement it either with commercial off
the shelf packages, or through the development of an open source version.
If an ISP were to adopt the system, then a customer's FROM address, could
match the email address(es) associated with the
username/password of the ISP account. In this way, we could authenticate
all messages between that ISP's customers and any other system user.
Because it happens at a server level, the customer never sees the complexity
of PKI. The servers automatically establish
and maintain links with new servers they discover (so long as the server's
CA is trusted).
Regards, Mike Pearson
Personal: The views expressed are not necessarily those of my employer.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg