-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of
Hallam-Baker,
Phillip
Attached is a proposal for an accreditation mechanism
based on the
existing DNS A record conventions but designed to allow
extension to support other approaches.
Basically it should be possible to announce the fact
that there is
an accreditation and the location where that accreditation should be
verified. If there is no way to say who your accreditation
service is then
we will be stuck with the 'single root of trust' problem that
people have complained of wrt SSL certificates.
I wanted to use DNS to avoid the use of any "single root of trust" or
collection of trusted roots. All of the existing proposals assume the domain
decides which of its hosts or nodes or other entities send mail, assuming the
administrators of the domain have that control.[2]
So by using DNS we've already addressed this particular problem. Wether the
domain itself is trustworthy or not, I believe, is not the decision of any
central authority or array of loosely centralized authorities. The recipient
decides.[1] My impression is no e-mail domain admins want any centralized
authority or collection thereof to say they're allowed to send mail.
[1] The receiver pays to receive e-mail. The ISP gets paid by the receiver,
and the ISP has to pay someone to receive e-mail. While it's been an
anti-spammer's mantra for five years, I've only seen spammers and purists try
to argue it, with only rare success.
[2] <mantra>I won't say it. It's too easy.</mantra>
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>