At 04:21 PM 6/9/2003 -0600, Art Pollard wrote:
[..]
I think as has been mentioned previously in regards to CR systems in
general (and I don't remember if it was mentioned in the CRI case), that
what should happen is that the messages should be digitally signed by the
sender. The CR system would filter based in the digital signature rather
than the FROM address. Thus it would be quite possible for people to have
multiple clients with the same digital signature (one for each e-mail
address say) and they would only have to undergo the CR once -- even if
they switched ISPs. Furthermore, it would virtually eliminate spoofing
since even if someone were able to obtain a previous copy of someone's
mail and a list of all their friends, they still would be unable to spoof
the digital signature. When whitelisting occurred, it would whitelist a
particular person's signature rather than their e-mail address.
We discussed the possibility within the CRI framework. However, it is
important to keep the CRI framework simple and things like
digital signatures and hashcash, would be implemented via an extension
mechanism.
I'm not sure if the CRI framework provides for this or not as I have a
hard time keeping up with things (just as many in this list apparently do).
Is there a brief synopsis of the current state of the CRI framework so I
can refresh my memory on everything? (Which would be much better than
having to re-read all the CRI messages. ;-)
Hold on for Eric Dean's latest draft.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg