In all the discussion of authenticating individual senders rather than
the servers and MTAs they're using, we've all forgotten that there are
circumstances in which anonymity is a requirement. Think of corporate
whistle-blowing situations, in which someone wishes to send an anonymous
message to an entity like a media organization or the SEC. In a world
in which all transmissions are undeniably authenticated to a sender,
this becomes impossible.
Anonymous transmission is indeed a feature of our current systems, not a
bug. Any new system or authentication layer on top of what already
exists needs to maintain that.
As I understand it, most of the proposals of that nature are about tying
messages to a specific e-mail address. Just because you can trace a message
back to a certain address does not necessarily mean you can identify the human
being who sent it.
I could sign up for a fully-traced mail account and then use an anonymising
proxy service to access it. Providing the mail service didn't check that the
personal details I supply are correct (as far as I know, few mail services do),
I could easily sign up with a false name and details.
This would be especially simple for webmail accounts via anonymous web proxy
(e.g. anonymizer.com) so that tracing the originating IP address would not be
helpful. And if the mail service itself did not have my real personal details
(because I wouldn't supply genuine ones) then how could anyone know who sent it?
This is just an example, but there are many technical methods people can use to
protect their physical identity.
I'm not necessarily in favour of authentication schemes, in fact I've yet to be
persuaded either way so I've no personal axe to grind. I just wanted to point
out that "e-mail address != person".
Andrew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg