
Re: MARID vs. MASS

2005-01-14 11:50:07

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


David Woodhouse writes:
> On Thu, 2005-01-13 at 12:41 -0500, John R Levine wrote:
> > Signature schemes ask yet a different question.  Whereas SPF asks "could
> > the message have come from this domain", signature schemes ask "did the
> > message come from this domain."  That's a different and considerably
> > stronger assertion.
> 
> The way I prefer to see/phrase this is that SPF offers a _whitelist_. It
> can say 'yes' or it can say 'maybe'. It can't reliably say 'no'.
> 
> It's only a 'no' result which is _really_ useful because that's what
> allows us to _reject_ email. SPF can only sensibly be used for bypassing
> other checks for known-trusted senders, not for rejecting mail.

Well, FWIW, it looks like signature schemes that can't survive mailing
lists or over-aggressive munging MTAs will be in a similar boat, at least
until the servers are fixed to not break the sigs.

In other words, a signature-verification failure may be:

    1. a spammer attempting signature reuse
    2. a list server appending text/munging the body
    3. an MTA munging the message in transit

Given the prevalence of 2 and 3, a checking gateway can't assume 1 has
taken place.  So that leaves only the ability to say "this message
has passed signature verification, so therefore it was really sent
by the signing domain".

Also, more correctly, both SPF and sig schemes do not offer a whitelist
themselves; they offer a way to ensure that the sender's address has not
been impersonated, which *in conjunction with* a whitelist of
addresses/domains, can be used to whitelist a message.  In other words,
we still need reputation services or similar on top.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFB6BRIMJF5cimLx9ARArZ1AKCtjwiAv3YpQnsQh6j1a6sRpZWP3gCgoDj6
0aXjURsM2niJXMv6EfMy7EA=
=CnSH
-----END PGP SIGNATURE-----
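The following is an added example, not part of the message above or of any MARID/MASS proposal, that walks through the three failure cases and the resulting gateway policy. A toy body-signature scheme (HMAC-SHA256 with a shared key standing in for a real domain signature) is signed once, then checked against the original body, a body with a constructed list footer appended, a body re-wrapped in transit, and a body a spammer has swapped in under the captured signature. The message text, footer, key and whitelist are all constructed for the example.

```python
import hashlib
import hmac

# Toy domain-signature scheme.  HMAC with a shared key stands in for the
# signing domain's public-key signature; the point is the verifier's
# decision logic, not the cryptography.  Key material is constructed.
DOMAIN_KEYS = {"example.com": b"example.com signing key (constructed)"}


def canonicalize(body: str) -> bytes:
    # Minimal canonicalization: normalise line endings and strip trailing
    # whitespace per line.  Anything the verifier does NOT normalise, such
    # as appended text or re-wrapped lines, changes the signed bytes.
    lines = [ln.rstrip() for ln in body.replace("\r\n", "\n").split("\n")]
    return "\n".join(lines).encode()


def sign(domain: str, body: str) -> str:
    return hmac.new(DOMAIN_KEYS[domain], canonicalize(body), hashlib.sha256).hexdigest()


def verify(domain: str, body: str, sig: str) -> str:
    """Return 'pass' or 'fail'.  A 'fail' carries no information about *why*."""
    key = DOMAIN_KEYS.get(domain)
    if key is None:
        return "fail"
    expected = hmac.new(key, canonicalize(body), hashlib.sha256).hexdigest()
    return "pass" if hmac.compare_digest(expected, sig) else "fail"


# Constructed message, signed by the originating domain.
ORIGINAL = "Hi all,\n\nThe draft is ready for review.\n\n-- j.\n"
SIGNATURE = sign("example.com", ORIGINAL)

# Case 2: a list server appends a footer (constructed footer text).
LIST_FOOTER = "\n_______________________________________________\nlist mailing list\n"
VIA_LIST = ORIGINAL + LIST_FOOTER

# Case 3: an MTA re-wraps a line in transit.
MTA_MUNGED = ORIGINAL.replace("ready for review", "ready for\nreview")

# Case 1: a spammer reuses the captured signature on a different body.
SPAMMER_REUSE = "Buy now!\n"


def scenario_results() -> dict:
    """Verification outcome for each case; the three failures are indistinguishable."""
    return {
        "original": verify("example.com", ORIGINAL, SIGNATURE),
        "list_footer": verify("example.com", VIA_LIST, SIGNATURE),
        "mta_rewrap": verify("example.com", MTA_MUNGED, SIGNATURE),
        "spammer_reuse": verify("example.com", SPAMMER_REUSE, SIGNATURE),
    }


# Constructed whitelist standing in for a reputation service.
WHITELIST = {"example.com"}


def policy(domain: str, spf_result: str, sig_result: str) -> str:
    """Gateway decision.  Only a positive result for a whitelisted domain is
    actionable; a signature 'fail' is never a reject, because the gateway
    cannot tell case 1 from cases 2 and 3."""
    authenticated = sig_result == "pass" or spf_result == "pass"
    if authenticated and domain in WHITELIST:
        return "bypass-filters"          # known-trusted and not impersonated
    if authenticated:
        return "authenticated-no-reputation"  # genuinely from domain, still filter
    return "unauthenticated"             # treat as unsigned: run normal checks


if __name__ == "__main__":
    for case, result in scenario_results().items():
        print(f"{case:14s} -> {result}")
    print(policy("example.com", "none", "pass"))
    print(policy("example.com", "none", "fail"))
```

Run as a script, the three non-original cases all come back as the same bare `fail`, which is why `policy` maps that result to "run the usual checks" rather than to a reject, and why a `pass` only becomes a bypass when the domain is also on the whitelist.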

