ietf-mailsig
[Top] [All Lists]

RE: draft-delany-domainkeys-base-02.txt

2005-04-05 20:34:03

My suggestion prevents this risk. Don't give anyone your 
private keys. This prevents any message you have not seen (or 
processed) from being signed.  By having the bank sign their 
own messages, rather than some untrusted third-party, then 
what is contained within the message remains within their 
control.  

You are suggesting that the largest banks in the world, not to mention
any other company that outsources email sending are likely to make a
major change in their current business practices wrt email.

This is certainly a bracing approach to requirements analysis if nothing
else.


From where I sit what you have sucessfully argued is the case for
per-user keying.


<Prev in Thread] Current Thread [Next in Thread>