Dave Crocker wrote:
Tony,
TH> a legitimate message from someone I have corresponded with in the
past.
The
TH> only way to detect a fraud at the MUA would be to have a verifiable
TH> signature from Alain (this was trapped at my MTA due to the exe file).
yes, but no.
first, there is an increasingly heated debate between folks who want to
sign the message (TEOS, DomainKeys), versus others who want to secure the
channel between
sender and receiver (RMX, LMAP, SPF, etc.).
Is there an obvious reason not to do both? Neither is a total solution, but
either ties a message to an identity object. It is time to stop fighting
over which is better and put both approaches out there. The market will
decide if one is easier for Joe-sixpack to use.
Once that debate is resolved, there is still the matter of compromised
system. The message might actually come from the purported author's
system, but still not be from the author because it has been taken over
by evil forces. So, even with perfect automated validation, the content
still might not be valid.
Compromised systems are a problem, but the scope of the bogus mail
originators is limited to the users of the compromised system. Without
traceability it comes from everywhere, but with traceability at least one
knows where to go to correct the problem. If we are stuck fighting over the
'perfect' solution, we will never get anywhere. The engineering community is
particularly bad at figuring out what will catch on for the lowest
denominator consumer, and a committee of engineers takes a bad situation and
makes it hopeless.
Tony
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>