spf-discuss

Re: [registrars] yahoo announces new anti-spam measure (fwd)

2003-12-08 06:21:46
It is message level.

Transport level security is ok but less flexible.

My preferred system would use SPF for a master record, encode the domain
public key in the DNS and include links to certificates for policy
correspondence.

The cost of a CA-issued cert is policy enforcement.



 -----Original Message-----
From:   Philipp Morger
Sent:   Mon Dec 08 00:18:48 2003
To:     spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject:        Re: [spf-discuss] [registrars] yahoo announces new anti-spam
measure (fwd)

On Sun, Dec 07, 2003 at 14:08:44 -0500, Mark Jeftovic wrote:
http://www.washingtonpost.com/wp-dyn/articles/A39549-2003Dec5.html

"domainKeys"


Well, it's not so much a difference from TLS authenticated peers, is it?
Except that you search for the keys in the DNS instead of your local list of
trusted certs.

A TLS-based scheme is IMHO quite easily implemented; most of the code
exists.

- If a client connects, get the name of the CA, look up a special key
  in the DNS which tells you whom to ask for the valid fingerprint.

- Ask the DNS server retrieved from the first step if the fingerprint is
  valid (RBL style).

Example:

Host foo.example.com connects with cert signed by ca.example.com and
fingerprint 1:2:3:4

the DNSCA record of ca.example.com points to askme.example.com

an RBL-style lookup is done upon the fingerprint on askme.example.com -
if it is listed, then it's ok - you may also tell the requestor if this
cert has been revoked or simply does not exist.

Regards
Philipp

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
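
The two-step lookup proposed in the quoted message, sketched as an added example that is not part of the original thread. The DNSCA record type comes from the post and is not a registered DNS type; the answer codes, the SHA-256 fingerprint split into two labels, and the in-memory resolver are assumptions made so the sketch runs offline.

```python
import hashlib

# Assumed RBL-style answer codes; the post only says "listed" means ok and
# that the responder may also signal revocation.
VALID, REVOKED = "127.0.0.2", "127.0.0.3"

def fingerprint_labels(cert_der: bytes) -> str:
    """Return the SHA-256 fingerprint as two DNS labels.

    The hex digest is 64 characters, one more than the 63-octet limit for a
    single DNS label, so it is split into two 32-character labels.
    """
    digest = hashlib.sha256(cert_der).hexdigest()
    return f"{digest[:32]}.{digest[32:]}"

def check_peer(cert_der: bytes, ca_name: str, resolve) -> str:
    """resolve(name, rrtype) returns a list of answers, [] for NXDOMAIN."""
    # Step 1: ask the CA's zone which name answers fingerprint queries.
    responders = resolve(ca_name, "DNSCA")
    if not responders:
        return "no-responder"
    # Step 2: RBL-style query for the fingerprint under that name.
    answers = resolve(f"{fingerprint_labels(cert_der)}.{responders[0]}", "A")
    if REVOKED in answers:          # revocation wins over any other answer
        return "revoked"
    if VALID in answers:
        return "valid"
    return "unknown"                # not listed: the cert does not exist there

def accept(status: str) -> bool:
    """Fail closed: only an explicit 'valid' listing authenticates the peer."""
    return status == "valid"

# Constructed sample data standing in for real certificates and DNS zones.
GOOD_CERT, OLD_CERT = b"constructed cert: foo", b"constructed cert: old"

def demo_resolver():
    zone = {
        ("ca.example.com", "DNSCA"): ["askme.example.com"],
        (f"{fingerprint_labels(GOOD_CERT)}.askme.example.com", "A"): [VALID],
        (f"{fingerprint_labels(OLD_CERT)}.askme.example.com", "A"): [REVOKED],
    }
    return lambda name, rrtype: zone.get((name.lower().rstrip("."), rrtype), [])

if __name__ == "__main__":
    r = demo_resolver()
    for cert in (GOOD_CERT, OLD_CERT, b"constructed cert: never issued"):
        print(check_peer(cert, "ca.example.com", r))
```
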


