Philip Miller wrote:
[..]
DK advantages: prevents forgery in forwarded situations, such as if a
mailing list owner inserts a forged message on the list.
DK disadvantages: high burden of software implementation, requires
receipt of DATA before an authoritative check can be done.
The DATA problem can be solved with an ESMTP extension or some creative
use of MAIL FROM AUTH extension.
BUT, I want you all to consider one more possibility - digital
signatures imply digital keys, digital keys imply digital
certificates. Another advantage of this approach is that the public key
of the sending system can be signed by someone else. While DNS limits
packet size (512 bytes for UDP), it is not unfeasible to have an
external system with a database of digital keys signed by that
authority. Sounds like a "Trusted Sender" approach that was proposed by
Project Lumos.
Having the ability for someone else to vouch for a domain is another
advantage of this approach (DK) over LMAP, although the possibility of
spammers getting on the "approved" list fraudulently and centralized
power problems are issues.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"I ate your Web page. / Forgive me. It was juicy / And tart on my
tongue." (MIT's 404 Message)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg