ietf-mailsig

Re: The end points are PEOPLE

2004-12-16 09:32:13

On Wed, 2004-12-15 at 11:15 -0800, Hallam-Baker, Phillip wrote:
> The only end points in an email security system are people.
>
> End to end security is an intellectually bankrupt concept because outside
> MIT there are no people who can perform RSA in their head, we inevitably end
> up relying on mediators at a whole series of levels.

Right. And by this argument, neither RFC2822 nor RFC2821 identities are
really what we want to use. Biometric authentication, perhaps?
Meanwhile, in the real world... :)

> RFC 2821 identities are irrelevant when dealing with the phishing problem,
> they are never seen by end users and are not intended to be seen.

This is a red herring. RFC2822 identities aren't _reliably_ seen by
users either. _Whatever_ we do, if we want it to be visible to users we
have to make MUA changes. Picking the RFC2822 identity purely on the
basis of visibility makes no sense.

Yet that's the only reason I've seen offered for picking the complexity
of RFC2822 identities over the simplicity of RFC2821 MAIL FROM.

-- 
dwmw2

