-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Seth Goodman wrote:
SPF, however, does not directly validate sender addresses. That
requires strong cryptography and a system to distribute validation
instructions.
How is "strong cryptography" any more secure an assertion method than IP
address authorization?
If you said this was due to the insecurities of DNS, then I might agree,
but this argument seems to keep coming up based on the assumption that
"strong cryptography" has some magical properties that make it more
trustworthy than non-crypto methods. This, however, is not true. Crypto
keys can be stolen, or ways to short-cut crypto algorithms can be
discovered, and lo and behold, thy strong cryptography is meaningless!
The grade of security of any assertion method only depends on the odds of
it being plausibly reproduced against the will of the authority, not on
some inherent magical properties. That goes for paper permit documents,
PGP signatures, and SPF DNS records saying "+a:host".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFchXMwL7PKlBZWjsRApPRAJ9oq6B5ec9Lo6kOE8W5d9h5Osnw3gCfc3eO
I0dEAdruZu3Iu7X430FPUOw=
=faSF
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735