ietf
[Top] [All Lists]

Re: RFC 2487 [5]: Suggest dropping of "TLS Required"- forbid and extensions of current standards

2005-09-02 07:31:13
Keith Moore wrote:
I agree that getting authentication into the email protocols is a good
thing, but TLS does not achieve much more than SPF/Sender-ID in that
respect. DKIM is a much better platform.


Not clear.  As currently envisioned, DKIM doesn't address phishing
because it basically says "I saw this message" rather than "I wrote this
message".  It doesn't authenticate transmission either because it
doesn't record to whom the message was transmitted.  So it addresses the
spam problem only if you're willing to take a rather large leap of faith
in reputation services that have no reliable basis with which to
determine a domain's reputation, and a few other leaps of faith besides.

i see...


I think DKIM is fixable, but if it stays in its current form it will
only delay adoption of effective anti-phishing and anti-spam solutions
by a few more years.  And several people in that proto-WG seem to think
that getting agreement on something that people have blind faith in is
more important than actually understanding whether and how it will solve
any real problems.

hard words...

so lets use state of the art, and thats tls for now.


Keith



tom

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>