On Mon, Jul 28, 2014 at 04:47:12PM +0200, Martin Rex wrote:
> Rene Bartsch wrote:
> >
> > 2. MTAs/SPAM detection systems MUST check if the tuple "sender email
> > address" <-> "sender OpenPGP public key" matches and MUST reject the
> > email in case it does not match with signed messages to prevent address
> > forgery and SPAM.
>
> Terribly bad idea. Similar to DMARC policies, such behaviour by MTA
> would be a true criminal offence when performed by telecommunications
> service providers under EU jurisdiction.
>
> This is a check for the receiving MUA to perform.

Laws aside, PGP is an end-to-end security mechanism, and is generally
the concern of MUAs not MTAs. A PGP-signed message can be Resent
or forwarded via a list, and the envelope sender need not match
the message author. Yes, I also find DMARC distasteful on technical,
rather than legal grounds.
--
Viktor.
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane