OK thank you Bernie, But pEp is also based on MIME (which requires trust on at least one centralized CA which falls into the centralized infrastructure isn't it ?)
And yes I agree bad guys could use this as well (but probably they already do it anyway) so through pEp + DMARC it wouldn't be even safer to exchange messages finally an easy way to have End to end encryption using open protocols for webmail (and not just rely on existing APPS/SW) implementations? At the end you have to trust someone and that could be linked to existing DMARC DNS records? Regards Gustavo -----Original Message----- From: 'Bernie Hoeneisen' <[email protected]> Sent: Tuesday, March 19, 2019 7:44 PM To: Doug Foster <[email protected]> Cc: DAMY gustavo <[email protected]>; [email protected] Subject: Re: [dmarc-ietf] Email security beyond DMARC? Dear Doug / Damy There is no direct connection between pEp and DMARC, as pEp is not relying on centralized infrastructure. cheers Bernie On Tue, 19 Mar 2019, Doug Foster wrote: > Can one of you elaborate on the potential connection between PeP and DMARC, > or more generally, the connection beteen PeP and spam filtering? > > -----Original Message----- > From: dmarc [mailto:[email protected]] On Behalf Of DAMY gustavo > Sent: Tuesday, March 19, 2019 2:03 PM > To: [email protected] > Cc: Bernie Hoeneisen > Subject: Re: [dmarc-ietf] Email security beyond DMARC? > > Very useful links Bernie, thanks for the info. > I wonder if this working group will eventually will make reference to the > concept of PeP protocol to reinforce the usage of DMARC you are mentioning > below? > > Best Regards > Gustavo Damy > > > -----Original Message----- > From: Bernie Hoeneisen <[email protected]> > Sent: Monday, March 18, 2019 1:58 PM > To: Douglas E. Foster <[email protected]> > Cc: [email protected] > Subject: Re: [dmarc-ietf] Email security beyond DMARC? > > Hi Doug > > On Sat, 16 Mar 2019, Douglas E. Foster wrote: > >> I tried to understand what IETF is doing about email security, and >> this working group seems to be the only surviving effort. Based on >> the index, the groups attention is focused on polishing the existing >> DMARC implementaton rather than plowing new territory. Given the >> devastating effect of WannaCry and the success of other email-based >> attacks, I think our work is far from finished. > > You may want to have a look on some upcoming work. We just started a new > mailing list, which includes the topic of email security: > > MEDUP -- Missing Elements for Decentralized and Usable Privacy > > To subscribe: > > - https://www.ietf.org/mailman/listinfo/medup > > Please find more information on: > > - https://mailarchive.ietf.org/arch/msg/medup/mbrbhFekt_srXShzpCa4RiXgPbY > > - https://mailarchive.ietf.org/arch/msg/pearg/oBjgAwG3_eoR6tpLQGTE_9OggzQ > > The former also includes a list of Internet-Drafts describing the MEDUP > challenges. > > > Please be also informated that the LAMPS WG has requested a new work item on > email header protection to be added to its charter. > > > Hope that helps! > > Best, > Bernie > > -- > > http://ucom.ch/ > Modern Telephony Solutions and Tech Consulting for Internet Technology > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc > _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
