ietf-mailsig
[Top] [All Lists]

Re: Anonymous signed mail

2004-08-19 14:00:34

At 05:30 PM 8/18/2004 -0700, Dave Crocker wrote:
Jim,

JF> To state it a different way, what's important isn't who the sender is, but 
whether the
JF> sender is authorized to use that email address.  In a sense we're making 
the domain

Actually, I don't find "authorization" all that interesting.
Necessary, perhaps, but not interesting.

What is interesting is whether a gross violator can be properly
penalized. That's different than saying that someone gave the
permission (authorization) before they screwed up.

"Interesting", I presume, refers to how effective this mechanism is against 
spam.  I completely agree that authorization is necessary, but not sufficient; 
we will need accreditation/reputation services as well.  The penalty will be a 
lower rating.

But there are other problems we could be solving as well, such as to aid 
enforcement of audit mechanisms at financial institutions (if the message is 
signed, it got archived for the regulators).  That isn't as urgent a problem to 
solve as spam/phishing to most of us, but it's a side benefit.

-Jim


<Prev in Thread] Current Thread [Next in Thread>