----- Original Message -----
From: "David Brodbeck" <gull(_at_)gull(_dot_)us>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Sunday, August 29, 2004 1:35 PM
Subject: Re: [spf-discuss] Re: DEPLOY: SPF/Sender ID support in Courier.
AccuSpam wrote:
Again I assert that crypto signing of e-mail is going to happen. I
assert that a de-centralized approach like SenderKeys is our best defense.
The possibility for people to crypto-sign their email has been around
ever since PGP was invented. Almost no one actually takes advantage of
it, though. I don't think people see any great benefits to it, so I
doubt it'll be widespread anytime soon.
There are profound legal issues. The original RSA patents were an early
issue with PGP and GPG and impeded its use, although they have since
expired. (RSA itself passively interfered with this by refusing to sell
individual licenses for the RSA algorithm for users or businesses to legally
use PGP: I tried for months to get such a license for corporate use, and
they couldn't even understand what I was asking for.) The various national
encryption regulations, such as the US encryption export regulations
classifying it as a "munition" and which was found unconstitutional once and
was simply transferred from one federal department to another to avoid
following the court's ruling are another example of a policy which actively
interferes in the inclusion of encryption/authentication systems for general
software publication.
Some of us have had to deal with software that had a default release and a
set of add-on modules which you had to prove you were a US citizen and
didn't have any international software collaborators in order to get the
security add-ons. This stuff has been crazy making for years.