spf-discuss

Re: proposed PGP mechanism for SPF

2004-01-15 07:29:02
The problem with this approach is that it requires receiving the whole message before the receiver can make a decision. This negates many of the advantages of SPF over content-based filtering. Also, whenever crypto is involved, you have to worry about export issues. What happens if the receiver is unable to run PGP (legally)?

Philip

Meng Weng Wong wrote:

On Wed, Jan 14, 2004 at 10:39:27PM -0500, Meng Weng Wong wrote:
| SPF is completely compatible with S/MIME and PGP; the only reason we
| haven't defined a mechanism for them is because, well, nobody asked for
| it.  Shall we put one in?

mechanism pgp:domain-spec

  A message is authenticated, and this mechanism returns PASS, if the
  public key obtained by a TXT query against the domain-spec confirms
  the signed message content.

  domain-spec is expanded with the usual macros.

  If the message content does not match the public key, the message is
  not authenticated, and the mechanism evaluates to FAIL.  A receiving
  MTA may indicate its rejection during an SMTP transaction after
  receiving the ".".  Alternatively, it may accept it, but subject it to
  content-filtering or whatever.

  Message content outside the signed area should be discarded by the
  receiving MTA.

http://www.imc.org/smime-pgpmime.html describes a number of RFCs
including RFC1847 and RFC2015.  I don't know if they're up to date but
the basic idea is there.

Comments welcome.  Regrettably, I haven't auto-signed my mail with PGP
in a while.  (I had to stop when my mother complained that Outlook
Express kept putting "all these weird attachments" on her desktop.)

This turns into DomainKeys pretty easily: instead of making the
signature a MIME part, you shove it into the headers, and then you just
tell everyone to pretend that the entire message body is the signed
part.  Does that sound right?  It's late.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)
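An added example, not part of the thread or of any SPF draft: a receiver-side sketch of the proposed `pgp:domain-spec` evaluation, which can only run once the whole message has arrived, and which keeps only the signed part of an RFC 1847 `multipart/signed` message. The record name `_pgp.%{d}`, the lookup table, the FAIL handling of missing keys and unsigned mail, and `toy_sign`/`toy_verify` (a hash stand-in for real OpenPGP verification) are assumptions made for illustration.

```python
import email
import hashlib

def expand(domain_spec, sender):
    """Expand a subset of SPF macros; %{d} is taken as the sender's domain."""
    local, _, domain = sender.partition("@")
    for macro, value in (("%{s}", sender), ("%{l}", local),
                         ("%{o}", domain), ("%{d}", domain)):
        domain_spec = domain_spec.replace(macro, value)
    return domain_spec

def split_signed(raw):
    """Return (signed_bytes, signature) from an RFC 1847 message, else None."""
    msg = email.message_from_bytes(raw)
    if (msg.get_content_type() != "multipart/signed" or not msg.get_boundary()
            or msg.get_param("protocol") != "application/pgp-signature"):
        return None
    chunks = raw.split(b"\r\n--" + msg.get_boundary().encode())
    if len(chunks) != 4 or not chunks[3].startswith(b"--"):
        return None
    # Exact wire bytes of part one; the CRLF before each delimiter is not signed.
    signed = chunks[1][2:]
    _, _, signature = chunks[2].partition(b"\r\n\r\n")
    return signed, signature.strip()

def evaluate_pgp(term, sender, raw, txt_lookup, verify):
    """Evaluate 'pgp:domain-spec' after DATA; return (result, kept_content)."""
    key = txt_lookup(expand(term.split(":", 1)[1], sender))
    parts = split_signed(raw)
    # Assumption: a missing key or an unsigned message counts as FAIL.
    if key is None or parts is None or not verify(key, *parts):
        return "FAIL", None
    return "PASS", parts[0]  # content outside the signed area is dropped

# --- constructed sample data; toy_sign is a stand-in, NOT OpenPGP ---
def toy_sign(key, data):
    return hashlib.sha256(key.encode() + data).hexdigest().encode()

def toy_verify(key, data, signature):
    return toy_sign(key, data) == signature

TXT = {"_pgp.example.org": "constructed-key"}  # hypothetical record name
SIGNED = b"Content-Type: text/plain\r\n\r\nHello from example.org\r\n"
RAW = (b"From: alice@example.org\r\nContent-Type: multipart/signed; "
       b'protocol="application/pgp-signature"; boundary="b1"\r\n\r\n'
       b"unsigned preamble\r\n--b1\r\n" + SIGNED +
       b"\r\n--b1\r\nContent-Type: application/pgp-signature\r\n\r\n" +
       toy_sign("constructed-key", SIGNED) +
       b"\r\n--b1--\r\nunsigned epilogue appended in transit\r\n")
```

Calling `evaluate_pgp("pgp:_pgp.%{d}", "alice@example.org", RAW, TXT.get, toy_verify)` needs the full `RAW` bytes, so the earliest point for a rejection is the reply to the final "." of DATA.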