[Top] [All Lists]

Re: Possible RFC 3683 PR-action

2008-03-25 10:25:54
Noel Chiappa wrote:
    > From: Michael Thomas <mat(_at_)cisco(_dot_)com>

    > So I've never met you, Noel. And I certainly don't have any reason to
    > believe that this email I'm responding to wasn't forged.

(Responding to the point of your message, rather than the actual words... :-)

I think there are two parts to the problem: the first is "does this electronic
identity correspond to a real person", and "how can that electronic identity
securely post messages". (I assume that was your point, yes?)

As to the first, something like a PGPmail web of trust would work. E.g. you've
never met me, but you probably have met Dino or TLi, and they have met me, and
can confirm (in both directions) that we're real.

As to the second, well, basic email isn't terribly secure (alas); however,
there are a number of heuristics. First, for any list I'm on, I will
certainly notice if a fake "jnc" starts posting! And you can look at the
Received-from: headers to make sure the email came from where it says it came
from. And it's easy enough to track me down and call me on the phone (again,
people you know can verify that the phone number is real). Etc, etc...

The point that I was trying to make is exactly that this is all rather 
as you  I'm sure agree with. Given the squishy nature of this, it seems
rather difficult to try to enforce broad authorizations (= anonymity vs. 
in this particular case). I'm not even sure I understand what 
"anonymity" means
in that particular context... that I can't google the email address and 
get enough
confirming evidence of non-doghood? I suspect that if we ever tried to 
this sort of stricture, we'd soon wish we hadn't.

          Mike, could be a dog too
IETF mailing list