--On 18 November 2008 07:22:46 -0600 Dave CROCKER <dhc(_at_)dcrocker(_dot_)net>
wrote:
When dkim is widespread, I'd expect my email client to say "don't trust
this message" if it can't find a dkim signature.
Do you use that same model in dealing with people?
You have some set of people you know you can trust, so you mistrust
everyone else?
Yes. For example, I sometimes get calls from my bank, they start by asking
for my security information. I don't give it to them, because I can't know
who they are. If my phone were fitted with secure caller id, and could
confirm it was the bank calling, then I might think differently.
Actually, I assign different levels of trust to different people.
I guess the phrase "don't trust this message" might not be the best, but
I'd certainly expect my email client to tell me about the dkim status in a
way that was useful to anyone that speaks my language.
Also, I'd want to be able to tell my mail client who my bank is (etc), so
it can tell me when email really is from them, and especially to alert me
when an email is from a close but different address.
d/
--
Ian Eiloart
IT Services, University of Sussex
x3148
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg