Frank Ellermann wrote:
http://www.goodmailsystems.com/certifiedmail/
2+3 is apparently some kind of outsourced "hashcash"
I've got two replies saying that it's a bit like DKIM.
Thinking about this for some time: Apparently receivers
"see" what's a "good mail" without asking third parties,
for DKIM that would be DNS, here it could be "good mail".
If they don't ask third parties it must be something
they can check for themselves. A header field, and it
is probably better than "X-TrustMe". A simple kind of
cookie would be good enough for the webbug-function and
the bulkmail-fee (goodmail can identify valid cookies),
but it's not enough to catch forged cookies. Something
like "hashcash" (spiced with security by obscurity) is
possible, and that would be rather different from DKIM.
If step (5) "the receiver checks for a valid token" is
really independent of any third party. Hard to guess,
but Yahoo! wouldn't buy snake oil, or would they ? Bye
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg