Keith Moore wrote:
As far as I can tell, the threats to individuals that result
from traceable network transactions are at least as great as
the threats that result from anonymity. We need to be
thinking in terms of balancing the risk from those two kinds
of threats. This is hard because the relationship between
the two kinds of threat varies from one place to another and
from one time to another.
ACK. Nevertheless I want to be able to protect "my" mail from
addresses as specified in RFCs 4408 and 4409, and if others
prefer DKIM for slightly different purposes that's also fine,
it only doesn't solve my problem.
Of course I also do want to be able to send "from" unprotected
addresses, e.g. to sort out technical issues, or if I'd want to
send (pseudo-) anonymous mails.
If receivers decide to reject all (pseudo-) anonymous mails it
might be a dubious idea, but it doesn't justify to "forbid" or
"block" the tested (SPF) / proposed (DKIM) protection schemes.
If such schemes simply _cannot_ work as designed for technical
reasons it's a different issue. The IAB decided that this is
no reason to fix another proposal (SID), but at least it's very
clear that it won't fly as proposed standard. And the authors
are free to tackle the real problems in RFCs 2822 and 4409.
Frank
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf