ietf-mailsig
[Top] [All Lists]

Re: MARID vs. MASS

2005-01-14 12:15:07

It can't even say "yes", at best it can say "probably" since SPF doesn't
certify individual messages.

Well yes, but let's be fair -- _nothing_ can certify individual
messages. Even if you make the user enter their PGP passphrase for every
mail they send, it's still going to be sniffable if you 0wn their
computer.

Let's not let our geekly paranoia get the better of us.  There's a wide
range between no security at all and huddling in a windowless building
with the door bricked up.

Signatures are applied to individual message, path authentication isn't.
I think it's fair to say that allows you to conclude more from signatures
than you can from just matching the IP address even though we all can
imagine more or less arcane ways to spoof either.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.


<Prev in Thread] Current Thread [Next in Thread>