Hi Craig,
While I understand you comments about closed groups. The real problem
with scaling beyond closed groups is, as you point out, trust
mechanisms. What I fail to see is why we need a different signature
format to deploy a more scalable trust mechanism.
Trevor
* -----Original Message-----
* From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]
* On Behalf Of Craig McGregor
* Sent: Monday, June 21, 2004 8:12 PM
* To: Russ Housley; ietf-smime(_at_)imc(_dot_)org
* Subject: RE: Anti-spam news article / S/MIME Gateways
*
*
*
* >Tumbleweed Chief Executive Jeff Smith says there's a lot of
* misunderstanding about
* >S/MIME, because it was created as a desktop encryption technology. He
* argues it's
* > also simple and cost-effective to use as a gateway authentication
* technology, and
* > that its quality advantages make it the best choice. Tumbleweed
would
* like to work
* > with Yahoo to merge their technologies.
*
* S/MIME gateway software in the context of a 'closed-community' is a
* proven method of authenticating the sending domains of e-mail messages
* and has been effective at blocking increased volumes of spoofed e-mail
* messages (providing they were sent from a participating domain). And
of
* cause using S/MIME encryption protects one from in-transit
eavesdropping
* too!
*
* Applying what is quite managable in a 'closed-community' for an
* Internet-wide deployment would be somewhat more challenging though.
* Particularly around certificate deployment, trust-chains and
* auto-discovery (assume DNS for internet-wide; a 'closed-community'
could
* use LDAP). I think that is why domain keys proposes to trust DNS data
as
* being authorative without any further validation.
*
* Craig.
*
*
*
*
*
*
*
*
*
*
*
*