At 11:46 AM 5/19/2004, William Leibzon wrote:
Big problem I have with it is that yahoo domain keys breaks with email
forwarders, mail lists and roaming users (and they fully acknoledge that
it does not work with them and say there is no good work-around). That
makes it no-go as far as I concerned for initial deployment unless
changes are made.
You're assuming that there's no way to fix the break.
And frankly, I'm less then satisfied after so many promises and lots of
wait for it. Its long document (which I ready fully) that primarily just
pounds on rather old idea of entering public key in dns and using private
key to add signed header to email, this idea had been around for at least
4 years (possibly more) and I thought they found ways around above listed
What is new is the signing of the header. I don't believe that this
has been practiced since the days of PGP. I don't know about PEM.
Mark
and other similar problems when email content must be changed in process
of tranmission by intermediate server, but unfortunetly they did not. Nor
do they address entering keys too well, again we're back to reusing TXT
(where as what we need is standard for entering public keys in DNS and
this is needed not only for email but for several others things and in
general would come usefull, there have been drafts about this actually).
On Tue, 18 May 2004, Yakov Shafranovich wrote:
> From MARID list.
>
> -------- Original Message --------
> Subject: Yahoo! Mail Publishes Specification for DomainKeys
> Date: Tue, 18 May 2004 10:46:32 -0400
> From: Larry Seltzer <larry(_at_)larryseltzer(_dot_)com>
> To: 'IETF MARID WG' <ietf-mxcomp(_at_)imc(_dot_)org>
>
>
> (see http://antispam.yahoo.com/domainkeys in particular)
>
> LJS
>
> Yahoo! Mail Publishes Specification for DomainKeys
>
> E-mail Authentication Solution Filed with IETF;
>
> Alpha Version of Open Source Code Available
>
> WHAT:
>
> On Tuesday, May 18, Yahoo! announces the publication of its
> specification on DomainKeys,
> a cryptographic e-mail authentication solution to help fight spam.
>
> DomainKeys: In order to attack spam at its roots, a powerful solution is
> needed that can
> verify the identity of the e-mail sender and put an end to spoofing and
> forgery.
> DomainKeys help fight spam by providing strong assurance of both the
> sender's identity
> and the integrity of the e-mail content through the use of
> public/private key
> cryptography.
>
> On Monday, May 17, the company filed the spec as an Internet-draft with
> the IETF
> (Internet Engineering Task Force) standards body to begin the
> standardization process.
>
> Additionally, Yahoo! is currently developing a reference implementation
> for DomainKeys
> that can be plugged into Message Transfer Agents (MTAs), such as qmail.
> An alpha version
> of this software will be released under a royalty free license at
> SourceForge.net.
>
> WHERE:
>
> The specification, license terms and FAQs are posted on Yahoo!'s
> Anti-Spam Resource
> Center: http://antispam.yahoo.com
> The alpha version of the software will be hosted at SourceForge.net at:
> http://sourceforge.net/index.php
>
> --
> Yakov Shafranovich / asrg <at> shaftek.org
> SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
> "There is nothing new under the sun" (Eccls. 1:9)
>
> _______________________________________________
> Asrg mailing list
> Asrg(_at_)ietf(_dot_)org
> https://www1.ietf.org/mailman/listinfo/asrg
>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg