On Thu, Mar 18, 2004 at 10:50:20AM -0500, Meng Weng Wong wrote:
|
| OK, let me rephrase.
|
| I believe that the solution domain of designated sender schemes matches
| the problem domain of RFC2821 MAIL FROM authentication, and that the
| solution domain of cryptographic signatures matches the problem domain of
| RFC2822 header From: authentication.

OK, let me rephrase again.

1) I believe that it is important to protect the RFC2821 MAIL FROM from
illegitimate spoofing, independent of the RFC2822 header From:.
2) I believe that the most appropriate way to do so is with a designated
sender scheme.
3) I believe that it is also important to protect the RFC2822 header From:
from illegitimate spoofing, independent of the RFC2821 MAIL FROM.
4) I believe that the most appropriate way to do so is with a cryptographic
signature system.
5) By "appropriate", I mean "engineering tradeoffs that require the
least amount of total work to preserve existing desired functionality
and inhibit undesired illegitimate spoofing." I assume that some of
this work may have to be done by operators of newsletters, forwarder
services, senders of web-generated email, etc.