ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Request for comments on draft mail protocol

2004-05-26 15:55:06
from [James Denness] [Permanent Link] 
Hello,

I am currently involved in a project to create an internet-draft for a
domain/key based system allowing mail domains to be validated using rsa
keys, distributed using the DNS system, with minimal modification to
existing infrastructure. Does a specification for such a system already
exist? I have many ideas for extentions to the existing SMTP protocol, as
well as plans for a derivative protocol incorporating this key-based
system as a more secure and verifiable method of exchanging mail. If
anyone is interested, I would appreciate being contacted off-list to
discuss the possible formation of a working group to discuss such ideas.

Regards,
James Denness

On Wed, 26 May 2004, Vernon Schryver wrote:


Date: Wed, 26 May 2004 15:00:00 -0600 (MDT)
From: Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com>
To: ietf(_at_)ietf(_dot_)org
Subject: Re: spoofing email addresses


From: Andrew Newton <andy(_at_)hxr(_dot_)us>



On May 24, 2004, at 1:49 PM, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:


In fact, there isn't any sane way to detect "inconsistent" header
information
without external hints - this is the reason why there's the SPF
proposal, the
Yahoo domain-keys proposal, and Microsoft's proposal.


And MARID.


I don't see any of those proposals and their competitors as sane.
Some of them, such as SPF, do not even meet their own design goals
as stated informally by their advocates.  Others such as domain-keys
do not seem to do anything that is not already done by SMTP-TLS, despite
the goals in the I-D that seem to be closer to S/MIME.  None of them
have much to do with spam, but only with a currently popular mode of
attack used by spammers.  None have any hope of affecting even that
particular attack mode for years, because none can have any significant
effect until deployed on most SMTP clients.  Many seem to be based on
insufficient familiarity with the nature of SMTP (e.g. SPF's incredible
source-routing scheme) and the urge to Do Something Now regardless of
actual results.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: spoofing email addresses, Vernon Schryver
Next by Date:  Re: Request for comments on draft mail protocol, Vernon Schryver
Previous by Thread:  Re: spoofing email addresses, Vernon Schryver
Next by Thread:  Re: Request for comments on draft mail protocol, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]