ietf

Re: Proposal to use DNS as public key repository

2003-09-14 17:34:55
Dean Anderson wrote:

> I propose we use DNS to keep the meeting minutes.
>
> Seriously, two things: This should be on namedroppers, and I have some
> issues with it.  Most obvious being that LDAP is already used in this

As far as I understand, LDAP has a different scope: it's intended
to be used within an organization while DNS has a world-wide
distribution.

> capacity. Secondly, there are multiple mail servers that handle a message.
> Just look at the headers from an ietf list message. Having each mailserver
> do these lookups and then sign the message many times is a lot of work,
> and adds many times more text to the message in the form of signatures.

In the simplest way it's enough to sign only at the first server
that receives the message from the user and check the signature
only on the last server that drops the message into a user's
mailbox.

> Further down on the list is the comment that mailserver authentication
> isn't widely used.

Well, e-mail authentication is only one use of the keys in DNS.
Actually, even using them for remote login is not such a bad idea:
when establishing a login, instead of requesting a public key
from the user by some other means, the administrator can just
pull it from DNS and store it locally to prevent the possibility of
spoofing in the future.

> Only Residential ISPs have per user accounts.
> Commercial ISPs don't have this data, but still provide relay services to
> business users.

In this case it would be up to the business users to sign the
outgoing messages if they want to.

> And way down on my list is the point that many devices
> just send mail, and don't have accounts.

This mail probably normally has some local destinations - a device
may be sending mail to its administrator (possibly on another side
of the world) but not to random people on the Internet.

-SB
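The single-signature path SB sketches above (sign once at the first server, verify only at the last, relays in between merely prepend trace headers) as an added Go example that is not code from the thread. The `zone` map is a constructed stand-in for the DNS lookup, and the `X-DNS-Sig` header layout is an assumption made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"strconv"
	"strings"
)

// Constructed stand-in for a DNS lookup: sender domain -> published public key.
var zone = map[string]ed25519.PublicKey{}
// signedInput covers only the submission-time headers plus the body, so relays can prepend Received: lines later.
func signedInput(hdrs []string, body string) []byte {
	return []byte(strings.Join(hdrs, "\r\n") + "\r\n\r\n" + body)
}
// SubmitAndSign is the first hop: sign once with the authenticated sender
// domain's key and append a header carrying domain, covered count and signature.
func SubmitAndSign(hdrs []string, body string, priv ed25519.PrivateKey, domain string) []string {
	sig := hex.EncodeToString(ed25519.Sign(priv, signedInput(hdrs, body)))
	return append(hdrs, "X-DNS-Sig: "+domain+" "+strconv.Itoa(len(hdrs))+" "+sig)
}
// VerifyAtDelivery is the last hop: fetch the key from the zone and verify over
// the n headers preceding the signature header plus the body; relay headers are ignored.
func VerifyAtDelivery(hdrs []string, body string) bool {
	end := len(hdrs) - 1
	if end < 0 || !strings.HasPrefix(hdrs[end], "X-DNS-Sig: ") {
		return false
	}
	f := strings.Fields(strings.TrimPrefix(hdrs[end], "X-DNS-Sig: "))
	if len(f) != 3 {
		return false
	}
	pub, ok := zone[f[0]]
	n, err1 := strconv.Atoi(f[1])
	sig, err2 := hex.DecodeString(f[2])
	if !ok || err1 != nil || err2 != nil || n < 0 || n > end {
		return false
	}
	return ed25519.Verify(pub, signedInput(hdrs[end-n:end], body), sig)
}
// Demo: submit, pass two non-signing relays, deliver; reports intact vs tampered-body result.
func Demo() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	zone["example.org"] = pub // constructed publication, not a real DNS record
	hdrs := SubmitAndSign([]string{"From: alice@example.org", "Subject: hi"}, "meet at 10", priv, "example.org")
	for _, relay := range []string{"relay1.example.net", "relay2.example.net"} {
		hdrs = append([]string{"Received: by " + relay}, hdrs...)
	}
	return VerifyAtDelivery(hdrs, "meet at 10"), VerifyAtDelivery(hdrs, "meet at 11")
}
```

Because the signature covers only what the submission server saw, each relay's added Received: line neither breaks it nor requires re-signing, which is the point made above about signature bloat.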