On Thu, 7 Oct 2004, Jim Fenton wrote:
I'm not sure I'm happy with either of those phrases. When it says
"authenticate the original author or sender" it sounds like there is
some sort of hard binding between the message and a person; no
anonymity is possible. There are use cases that depend on the
relative anonymity that we currently have in the mail system, and we
should preserve that behavior. I prefer the description (even if
it's not precise) that we need to authenticate the message, and
verify the authorization of the sender.
I believe if we focus on an MTA to MTA mechanism, based on the domain of
the sender's email address, then pseudonymity is possible. The
anonymizing MTA becomes an originating MTA and signs the message based
on the domain in the pseudonym. What it does with messages behind that
pseudonym is a matter of local policy.
>Both S/MIME and PGP actually support more than one means of conveying
>that information: security multiparts and something unique to itself.
>Do we need another means of conveying the security information?
That's a key question. I and others think we do. We should
probably break that question down into (1) whether a MIME
encapsulation must be required for all signed messages and (2)
choice of keying model (certificates, web of trust, etc.). IMO
there are enough problems with issue (1) that we don't need to go
further.
Based on the assumption we are working on an end-MTA to end-MTA
signature, I now agree that the issue of conveying the security information
is a good one to debate in the working group.
I think there's always been agreement that we need to debate the whole
key management problem.
Jim