-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stuart D. Gathman wrote:
On Thu, 16 Nov 2006, Julian Mehnle wrote:
Well, not really. If all mail was getting checked for known and
trusted PGP/S/MIME signatures (i.e., trusted by the individual
end-user), SPF and all that other trouble wouldn't be necessary.
So you would never accept email from a stranger?
OK, perhaps not strictly require a trusted signature. But at least
strongly demote incoming mail that doesn't have one. Just like DKIM keys
can be assigned with an individual granularity, PGP/S/MIME keys can be
assigned with a domain granularity, and messages can be signed with
multiple keys (one per domain, and one per author), so domain association
could still be determined (which is important for bounces), even if you
don't trust the domain or the author.
But going into the point you made: Yes, I think eventually there's no way
around the AGUPI (assumed guilty until proven innocent) principle.
I hadn't accepted that for a long time (I even disputed Meng when he
started promoting the idea), but now I think that reputation systems will
eventually have to become so radical as to effectively become AGUPI.
Strangers will have to get introduced to me through some way or another
(and be it accreditation).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFXQJqwL7PKlBZWjsRAqOdAJ9DBX8QSpSA7ElNq3jQ1i5fzfN9bgCgyLQK
KWpH+A9lJPRLpkRbdqRkHfo=
=o0Cj
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735