From: "Ken Simpson" <ksimpson(_at_)ttul(_dot_)org>
Instead of certificates, why not just use the Bonded Sender approach and
use PTR queries to a whitelist DNS server or group of servers? A quick DNS
query is less intensive than cryptography and requires less programming.
Besides, running a CA is a huge undertaking.
This is a possibility. A DNS query may be less computationally intensive,
but I think it takes more time. A DNS query would avoid the byte overhead
of a message signature.
The advantage of cryptographic signatures is they prove that the message was
sent by the holder of the private key. This helps prevent malicious
complaints against a bonded sender.
There are already CAs. I think that they would work with an organization
such as TRUSTe rather than try to handle complaints themselves. They could
work with more than one organization. The exact details about certificate
signing and revocation would need to be worked out.
Other differences of my proposal from the Bonded Sender approach--
More than one policy could be chosen. Getting consensus on just one is
hard.
Participating servers should require a challenge-response on all mail from
non-participating servers.
Labeling properties of individual messages and senders is encouraged.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg