ietf-asrg

RE: [Asrg] Crypto-based alternative to RMX

2003-05-14 03:21:37
Just to clarify, RMX-like proposals give a sending domain the ability to
act as dictator if its owner wishes, but do not mandate that it act as
dictator.  The domain owner may choose not to filter outgoing content.
(Indeed, if RMX were available to me, I would definitely not
content-filter outgoing messages from other users at my domain, except in
the context of virus defense--in which case it would be an optional
feature).  This decision would fall under the scope of a privacy policy.

One part of the problem is that it determines not who can send mail but
where mail can be sent from. So you could decide not to authorise sending
from domains without outgoing political correctness filters, not to
authorise sending through domains that didn't agree to secretly send a copy
to you, and so on.  It's not just a privacy policy but also a freedom of
speech policy that's needed here.

Your crypto-based alternative also allows the domain owner to act as
dictator if he/she wishes, by withholding the signing key.  There are
security advantages to going this way, even if there is no intent to
filter, since it prevents the key leakage.

So would you say that the principal advantage of the crypto approach is
that it prevents the domain from acting as dictator while plausibly
denying same?

Well, the idea is to give users the keys, which means there will be leakage
and you have to change them often.  If you don't give users the keys you
force them into your outgoing relays and that's as bad as RMX. So this
proposal doesn't work if you want to be really secure.

If so, do you believe this advantage is worth the additional
implementation cost?

Yes, the advantage of giving people a token rather than saying which
transmitters they can use is worth the hassle.

Please bear in mind that a user may choose any domain on the Internet
willing to offer mail service, and may even operate his/her own domain.
This seems vastly less restrictive than the current situation, wherein the
user would be left with few options if his/her ISP started filtering
outgoing mail (intercept outbound port 25).  The ISP also has an incentive
to do so--to avoid being blacklisted!

It gets to be quite fun, all sorts of new possibilities turn up.  For
example you could blacklist not the domain but a particular key index of the
domain.  So there's an incentive for the domain owner to have quite a few
keys and use them to distinguish groups.

Tom

