On Wed, 2004-03-03 at 01:52 +0100, Jeroen Massar wrote:
On another note, to extend SPF wouldn't it be
a good feature to add something like:
example.com IN TXT "v=spf1 sig:sigserver.example.net"
The 'sigserver.example.net' box could then run
a whois like directory which contains PGP (or other)
signature methods just like the current pgp keyservers.
What's wrong with just putting the key into the SPF record too?
In general don't want to use GPG because it involves MIME (or other
noise) and won't always survive mailing lists, and because to many
people a GPG signature implies a level of trust far above what's
appropriate with SMTP AUTH.
I've been toying with alternative methods of signing content, which life
unobtrusively in the headers and should survive a little bit of
mangling. See
http://lists.infradead.org/pipermail/sender-auth/2004-February/000015.html
for some details.
--
dwmw2