On Nov 28, 2006, at 10:06 AM, Scott Kitterman wrote:
On Tuesday 28 November 2006 12:36, Frank Ellermann wrote:
In that point I agree with Hector: The problems of braindead MUAs
are out of scope.
Except that any solution that starts out with upgrade every MUA in
the world (except I think GNUs) is probably not going to get much
traction.
Don't forget most email applications and browsers offer plug-in
interfaces.
See:
http://www.iconix.com/
This startup has a fairly broad offering already. They can also
enable DKIM on Exchange.
The reality is that from an end user perspective 2822.From is the
only game in town.
By design, DKIM signatures are not visible. By inspection of a raw
message, a recipient has no way of knowing which messages hold a
valid DKIM signature. Do not assume DKIM prevents spoofing attempts
based upon visible headers with existing MUAs. Unless invalid
signatures are rejected (which breaks email in many scenarios), valid
DKIM signature might then be placed into a "valid DKIM signature"
folder as a type of annotation. A filter can inspect the "valid DKIM
signature" folder for signed originators found within the address
book and then move those messages into the "trusted" folder. This
would be far more secure and simpler than checking whether each and
_every_ unsigned messages should have been signed. I like the Iconix
approach myself. It will take a while before people stop reviewing
unsigned mail, but they will not be fooled when expecting trustworthy
messages to be signed by someone they already know.
How would you expect to communicate an assertion that a bank always
signs to the recipient? Would conveying this assertion increase a
likelihood of their customers then being fooled by look-alikes?
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
