On Tue, 4 Apr 2006 13:37:35 +0000, Julian Mehnle said:
> What do folks -- especially the gnupg-devel ones -- think about using SPF
> for that purpose? Are there any non-obvious fundamental issues that need
> to be taken into account?

I consider SPF far too complex to solve the simple goal of
authenticating the source of an email. It does not stop spam, as
this requires content filters and the jurisdiction and won't
authenticate the full message.

Agreed, neither OpenPGP nor S/MIME will authenticate the header
(e.g. the Subject) but there are easy ways to do this within the
existing framework: Just wrap the entire message into a message/rfc822
container and sign it. A MUA may then properly indicate what has been
signed.

The goal of PKA is much simpler: Authenticate the From: header and
allow the MUA or MTA to detect spoofed messages this way.

The ability to do an opportunistic encryption using the PKA framework
is just a very welcome side-effect.

Shalom-Salam,
Werner
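
The message/rfc822 wrapping described in the post above, as an added example that is not part of the original message or of GnuPG: it shows which octets a detached signature would cover when the whole message, headers included, is the first part of a multipart/signed body. The PGP/MIME (RFC 3156) layout, the sample message, the boundary and the signature placeholder are assumptions constructed for illustration; no real signing is performed.

```python
import hashlib
from email import message_from_bytes, message_from_string, policy
from email.mime.application import MIMEApplication
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart

CRLF = policy.compat32.clone(linesep="\r\n")   # wire-format line endings
BOUNDARY = "=-constructed-boundary"            # constructed value
# Constructed sample message, not taken from the thread.
SAMPLE = ("From: alice@example.org\nTo: bob@example.net\n"
          "Subject: Quarterly numbers\n\nSee attached.\n")
SIG_PLACEHOLDER = b"placeholder for the detached OpenPGP signature\n"

def wrap(raw: str) -> MIMEMessage:
    """Put the whole message, headers included, into a message/rfc822 part."""
    return MIMEMessage(message_from_string(raw))

def signed_octets(part) -> bytes:
    """CRLF-terminated bytes of the part: the data the signature covers."""
    return part.as_bytes(policy=CRLF)

def envelope(part, outer_subject: str) -> bytes:
    """multipart/signed layout (RFC 3156) around the wrapped message."""
    outer = MIMEMultipart("signed", boundary=BOUNDARY, micalg="pgp-sha256",
                          protocol="application/pgp-signature")
    outer["From"] = "alice@example.org"
    outer["Subject"] = outer_subject
    outer.attach(part)
    outer.attach(MIMEApplication(SIG_PLACEHOLDER, "pgp-signature"))
    return outer.as_bytes(policy=CRLF)

def extract_signed(raw_outer: bytes) -> bytes:
    """Receiver side: cut the first body part out of the raw bytes unmodified."""
    delim = b"--" + message_from_bytes(raw_outer).get_boundary().encode()
    first = raw_outer.split(delim)[1]   # between first and second delimiter
    return first[2:-2]                  # strip the CRLF on either side

def digest(octets: bytes) -> str:
    return hashlib.sha256(octets).hexdigest()

if __name__ == "__main__":
    part = wrap(SAMPLE)
    relayed = envelope(part, "[list] Quarterly numbers")  # outer Subject rewritten
    forged = wrap(SAMPLE.replace("Quarterly numbers", "Wire transfer"))
    print("outer rewrite keeps digest:", digest(extract_signed(relayed)) == digest(signed_octets(part)))
    print("inner Subject change alters digest:", digest(signed_octets(forged)) != digest(signed_octets(part)))
```

The outer Subject can be rewritten in transit without touching the signed octets, while any change to the inner Subject changes them, which is what lets a MUA indicate exactly what has been signed.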