Markus Stumpf wrote:
On Mon, Dec 08, 2003 at 03:35:28PM -0500, Yakov Shafranovich wrote:
The signature attests to the fact that the domain name or server from
which the message originated, is not forged.
*lol*
I don't see any more security here than with a "paranoid" dns lookup.
If I do a reverse DNS lookup and get a name and do a lookup of the name
and get the IP I can assume #1 that it is correct.
#1 with drawbacks as to DNS spoofing and DNS security.
Now, if the sending MTA has a signature on the message and I use DNS
to get the public key to verify the signature #1 from above still
applies. So the win for using PKI and not paranoid DNS lookups is zero.
[..]
Would there be a difference if the message is forwarded through a list,
or is transferred via multiple MTAs?
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Be liberal in what you accept, and conservative in what you send" (Jon
Postel)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
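The "paranoid" (forward-confirmed reverse) DNS lookup Markus describes, as an added example that is not part of the thread: a dict stands in for DNS answers so it runs offline, the names and addresses are constructed, and the second function shows why the check only ever vouches for the directly connecting MTA, which is what Yakov's question about lists and multiple hops turns on.

```python
from typing import List, Mapping, Optional

# Constructed DNS answers (hypothetical names and documentation-range IPs).
# "PTR:<ip>" is the reverse record, "A:<name>" the forward record.
HONEST_DNS = {
    "PTR:192.0.2.10": "mx1.example.org",
    "A:mx1.example.org": "192.0.2.10",
    "PTR:192.0.2.20": "relay.example.net",
    "A:relay.example.net": "192.0.2.20",
}

# A PTR that names a host whose forward record points elsewhere: must fail.
MISMATCH_DNS = {
    "PTR:198.51.100.5": "mx1.example.org",
    "A:mx1.example.org": "192.0.2.10",
}

# What the check sees when both answers come from a resolver that is itself
# untrustworthy (drawback #1 in the thread): it has nothing else to compare
# against, so it passes. Same dependency a DNS-published public key would have.
FORGED_DNS = {
    "PTR:198.51.100.5": "mx1.example.org",
    "A:mx1.example.org": "198.51.100.5",
}


def paranoid_lookup(ip: str, dns: Mapping[str, str]) -> Optional[str]:
    """Reverse-lookup ip to a name, forward-lookup that name, and accept the
    name only if it maps back to the same ip. Returns None on any failure."""
    name = dns.get(f"PTR:{ip}")
    if name is None:
        return None
    return name if dns.get(f"A:{name}") == ip else None


def confirm_connecting_peer(hop_ips: List[str], dns: Mapping[str, str]) -> Optional[str]:
    """hop_ips lists the MTAs a message passed through, origin first.
    The receiving MTA only sees the TCP peer that delivered the message, so
    the check applies to the last hop alone; a list or relay in between means
    the origin's address was never confirmed by the final recipient."""
    return paranoid_lookup(hop_ips[-1], dns)


if __name__ == "__main__":
    print(paranoid_lookup("192.0.2.10", HONEST_DNS))          # mx1.example.org
    print(paranoid_lookup("198.51.100.5", MISMATCH_DNS))      # None
    print(confirm_connecting_peer(["192.0.2.10", "192.0.2.20"], HONEST_DNS))
```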