[Top] [All Lists]

Re: Possible RFC 3683 PR-action

2008-03-25 09:12:27
    > From: Michael Thomas <mat(_at_)cisco(_dot_)com>

    > So I've never met you, Noel. And I certainly don't have any reason to
    > believe that this email I'm responding to wasn't forged.

(Responding to the point of your message, rather than the actual words... :-)

I think there are two parts to the problem: the first is "does this electronic
identity correspond to a real person", and "how can that electronic identity
securely post messages". (I assume that was your point, yes?)

As to the first, something like a PGPmail web of trust would work. E.g. you've
never met me, but you probably have met Dino or TLi, and they have met me, and
can confirm (in both directions) that we're real.

As to the second, well, basic email isn't terribly secure (alas); however,
there are a number of heuristics. First, for any list I'm on, I will
certainly notice if a fake "jnc" starts posting! And you can look at the
Received-from: headers to make sure the email came from where it says it came
from. And it's easy enough to track me down and call me on the phone (again,
people you know can verify that the phone number is real). Etc, etc...

IETF mailing list