----- Original Message -----
From: <christopher(_at_)pobox(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, August 28, 2004 8:18 AM
Subject: Re[2]: [spf-discuss] Re: DEPLOY: SPF/Sender ID support in Courier.
A> server. Please support SenderKeys (or something like it) and also

Bad idea. Crypto stuff stomps on loads of legitimate middlemen,
costs dearly in bandwidth and CPU, is very complicated, prone to
export regulations and patents, and introduces a range of new security
problems - all with absolutely no benefit over plain old SPF.

Also, we need to keep a close eye on Microsoft's crypto key initiatives.
Take a careful look at their magical appearing/disappearing/re-appearing and
frequently renamed "Palladium" initiative, which involves collaborating with
Intel to integrate a BIOS level encryption key management system, preferably
implemented on the CPU itself. It is designed to allow authentication of
both software packages and hardware, in particular to provide motherboard
level authentication of licenses for both Microsoft software and for various
DRM related hardware such as CD and DVD burners.

In SenderID terms, it's a potential way to provide an extremely robust and
centrally managed encryption key that operates quickly because it's
occurring at an extremely low hardware level, almost directly on the CPU
itself.

Unfortunately, since Microsoft or their corporate partner would hold all the
private keys for these encryption devices, and since these
encryption/authentication tools would operate at such a low hardware level,
they could literally be used to prevent open source software from being able
to operate any authentication-requiring device on the system itself,
including the hard drives and DVD burners. This could actually be used to
prevent loading of non-Microsoft-partner boot loaders, old software with
keys that they have lost or decided to decommission because someone else
generated the fake key and published it, etc., etc.