spf-discuss

[spf-discuss] Re: Automatic key verification / CERT in DNS / RFC4398

2006-04-05 05:48:47
On Tue, 4 Apr 2006 13:37:35 +0000, Julian Mehnle said:

> What do folks -- especially the gnupg-devel ones -- think about using SPF
> for that purpose?  Are there any non-obvious fundamental issues that need
> to be taken into account?

I consider SPF far too complex to solve the simple goal of
authenticating the source of an email.  It does not stop spam, as
this requires content filters and the jurisdiction and won't
authenticate the full message.

Agreed, neither OpenPGP nor S/MIME will authenticate the header
(e.g. the Subject) but there are easy ways to do this within the
existing framework: Just wrap the entire message into a message/rfc822
container and sign it.  A MUA may then properly indicate what has been
signed.

The goal of PKA is much simpler: Authenticate the From: header and
allow the MUA or MTA to detect spoofed messages this way.

The ability to do an opportunistic encryption using the PKA framework
is just a very welcome side-effect.


Shalom-Salam,

   Werner
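
The message/rfc822 wrapping described in the message above, as an added example that is not part of the original post or of GnuPG: the whole message, headers included, becomes the signed part, so a MUA can compare the headers it displays against the signed copies. The key, the sample message and the helper names are constructed, and an HMAC stands in for the OpenPGP or S/MIME detached signature so the code runs offline.

```python
import hashlib
import hmac
from email import message_from_bytes, policy

# Constructed key and sample message (assumptions for this example only).
# HMAC-SHA256 is a stand-in for a real OpenPGP or S/MIME signature.
DEMO_KEY = b"constructed-demo-key"
SAMPLE = (b"From: alice@example.org\r\n"
          b"To: bob@example.org\r\n"
          b"Subject: Quarterly report\r\n"
          b"\r\n"
          b"Numbers attached.\r\n")
PROTECTED = ("From", "To", "Subject")  # headers the MUA cross-checks

def _tag(data):
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()

def wrap_and_sign(raw_msg):
    """Put the whole message, headers included, into a message/rfc822
    part and sign the exact bytes of that part."""
    part = b"Content-Type: message/rfc822\r\n\r\n" + raw_msg
    return part, _tag(part)

def check(outer_headers, part, tag):
    """Verify the signed part, then list the displayed (outer) headers
    that differ from the signed copies inside the container."""
    if not hmac.compare_digest(_tag(part), tag):
        return {"valid": False, "signed": {}, "mismatched": []}
    # For message/rfc822 the parser exposes the wrapped message as payload 0.
    inner = message_from_bytes(part, policy=policy.default).get_payload(0)
    signed = {h: str(inner[h]) for h in PROTECTED if inner[h] is not None}
    mismatched = [h for h, v in signed.items() if outer_headers.get(h) != v]
    return {"valid": True, "signed": signed, "mismatched": mismatched}

if __name__ == "__main__":
    part, tag = wrap_and_sign(SAMPLE)
    # Outer Subject rewritten in transit; the signed copy is untouched.
    outer = {"From": "alice@example.org", "To": "bob@example.org",
             "Subject": "URGENT: wire transfer"}
    print(check(outer, part, tag))
```
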
