ietf-mxcomp

Re: Why not XML

2004-06-23 09:35:14

Alan DeKok wrote:

 What about putting the MARID data in-line in SMTP via an extension?
It can be signed, and the keys can go into DNS ala DK, which should
validate it.

Actually not a bad idea, but two counter arguments:

- This is based on cryptography. This means it has to cope with
 secret keys. We do not have the hardware to keep secret
 keys secret. Remember that there are spam armies built from
 hundreds of thousands of machines infected with malicious
 code. This code is already collecting license keys and such stuff.

 The same people who wrote this software would immediately
 start to write routines to collect the keys to generate
 false records. Today you can buy collections of e-mail address
 lists. Tomorrow they will come with stolen keys.

 You would need to have a highly protected issuer of such
 records. Do you think that's practical and feasible?


- If you, on the other hand, give every sender or domain owner
 a key to generate the record himself, why bother with this
 at all? Why not simply sign the message itself?


regards
Hadmut




