On 8/01/2004, at 1:33 PM, Julian Mehnle wrote:
Phillip Hutchings <[EMAIL PROTECTED]> wrote:The real aim of Yahoo!s system is not to authenticate the server though, it's to authenticate the email as being from a valid user. I can see this catching on in corporations, as it'll add a layer of knowledge to the receiver.
Isn't authenticating persons (vs. domains) better done with PGP/GPG or S/MIME?
Yes, hence my S/MIME signature. Yahoo! isn't intending to authenticate the person, just that the user is valid on their hosts. It could be anyone with a valid username/password.
All the system will do, as far as the basic details show, is stop forged return addresses, same as SPF, but with the added bonus that you can set up a roaming client to self sign messages if needed.
We really should stop speculating and wait for the actual specification. My domain has valid SPF, but I don't check it anywhere yet. It's somewhere on my to-do list.
-- Phillip Hutchings [EMAIL PROTECTED] http://www.sitharus.com/
smime.p7s
Description: S/MIME cryptographic signature
