spf-discuss

Re: Global whitelist: wl.trusted-forwarder.org

2003-10-17 09:16:49
On Thu, 2003-10-16 at 16:04, wayne wrote:
> By "the VeriSign scenario", you mean what happens when this DNSWL gets
> hardcoded into zillions of zone files and the operator of the DNSWL
> becomes untrustworthy?  If so, I highly agree with that being a large
> concern.

[snip]

> My gut feel is that there will not be a large number of these DNSWLs,
> there may end up only being one and only for a year or two.  However,
> I think the question "who really is a trusted forwarder?" can be
> legitimately answered many different ways and there *must* be a real
> option given to people.

While I don't mean to venture off-topic and dilute the excellent dialog
happening on this list, I would like to put forth something on this
matter.
The other night I drafted what I believe to be a feasible way of
accomplishing distributed white-listing, that does not rely on DNS. If
implemented widely enough, it would accelerate deployment of using
SSL/TLS transports for SMTP traffic and bring a new dimension of
authorization to the Net's email infrastructure.

It is somewhat related to the recent thread (here on
spf-discuss) of using S/MIME & PGP, but instead, this proposal
advocates the use of x509 certificates and PKI. By having multiple
independent certificate authorities (established now or not) I believe
this system could work pretty well, in time.

That said, it's an idea that really isn't all that original, just seems
like nobody had brought it up before. Perhaps it would be bad because it
divides the haves from the have-nots. I'm also a little concerned about
the CRL implementation as from what I've heard, they aren't very mature
at this stage.

Have a look -- comments good or bad. As I said, this is a draft so
there'll be mistakes.

Thanks.

http://mark.foster.cc/articles/secure-email.html

Question: why don't existing CAs offer email server certificates? Only
web server certs, code signing and personal email.
-- 
Some days it's just not worth chewing through the restraints...
Mark Foster <mark(_at_)foster(_dot_)cc> http://mark.foster.cc/
