On 04/05/2006 05:50, Werner Koch wrote:
> On Tue, 04 Apr 2006 14:24:18 +0200, Jeroen Massar said:
>> This all though leads to a concern on the placing of the CERTS. Having a
> That is not really a question. The new DNS based certificate (well,
> keyblock) capability of gpg is independent of the PKA system. Keys
> may still be stored on key servers (which are much better now than in
> the past) or on web pages or wherever one wants.
> Actually you can start deploying such a system right now if you do
> it at the MTA and use just a key per domain. This will allow better
> verification of mails from potential phishing targets.
That's true. What I think is envisioned for a linkage from SPF is some
indication of whether to expect messages to be signed. The idea we are
exploring is to, in a new version of SPF, really take on the idea inherent in
the name, Sender Policy Framework and offer a method for domains to describe
their sending practices.
Relative to GPG signing, I can imagine that it might be useful to know that a
domain signs all messages so that an unsigned message can automatically be
deemed to be suspicious, rejected, etc.
Scott Kitterman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/