At 01:44 PM 10/8/2004 -0700, william(at)elan.net wrote:
> On Fri, 8 Oct 2004, James M Galvin wrote:
> > I am still opposed to an end-to-end email signature mechanism, more
> > precisely, an end-user to end-user mechanism. I still believe that to do
> > so would be re-inventing secure email.
> It would if you built a completely new signature system like Yahoo and
> Cisco want. But if we extend S/MIME it's just a way to use existing
> secure email technology in a new application (that may require new
> extensions for it to work properly for our design).
If you think that Identified Internet Mail and DomainKeys are strictly end-user
to end-user mechanisms, I think you misunderstand. This is discussed to some
extent in section 4 of
http://www.ietf.org/internet-drafts/draft-fenton-identified-mail-00.txt but on
rereading it, it could probably have been clearer. I will try to fix that in the
next revision.
Signing and verification can be done in the MUA, or can be done in an MTA (and
not even the first/last hop; it just has to be an MTA within your own trust
domain). Keys can be granular to the domain or user level, and that is
independent of where the signing happens (although it is unlikely that MUAs
would be given domain-level keys to use).
-Jim