ietf-mailsig

Re: semantics of the signature

2004-10-09 23:53:52


On Sat, 9 Oct 2004, Jim Fenton wrote:

> At 01:44 PM 10/8/2004 -0700, william(at)elan.net wrote:
>> On Fri, 8 Oct 2004, James M Galvin wrote:
>>
>>> I am still opposed to an end-to-end email signature mechanism, more
>>> precisely, an end-user to end-user mechanism.  I still believe that to do
>>> so would be re-inventing secure email.
>>
>> It would if you built completely new signature system like Yahoo and
>> Cisco want. But if we extend on S/MIME it's just a way to use existing
>> secure email technology in new application (that may require new
>> extensions for it to work properly for our design).
>
> If you think that Identified Internet Mail and DomainKeys are strictly
> end-user to end-user mechanisms, I think you misunderstand.  This is
> discussed to some extent in section 4 of
> http://www.ietf.org/internet-drafts/draft-fenton-identified-mail-00.txt
> but in rereading it could probably have been clearer.  I will try to fix
> that in the next revision. Signing and verification can be done in the
> MUA, or can be done in an MTA (and not even the first/last hop; it just
> has to be an MTA within your own trust domain).

I'm not sure where you got the idea that I think they are strictly end-user 
mechanisms. I've read fully both your draft and domain keys draft and think
they are primarily designed for MTA just like pretty much every other
proposal we have on the table. At the same time all these proposals can
in theory work if signature is added by MUA too.

My original comment is that majority of proposals are reinventing secure
email, something that we've already worked on for last 7 years and came
with some results (two standards are well tested and used, unfortunately
they require all MUAs to be upgraded to support the standard
the sender is using and that together with necessity to educate hundreds 
of millions of users on how to use it caused very slow adaption). I believe 
that it's better to instead try to use what we've already got and make 
whatever changes are necessary to be able to use existing email standard 
for primarily MTA to MTA email signing system.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

