-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Les Mikesell wrote:
> On Thu, 2004-08-19 at 12:01, [EMAIL PROTECTED] wrote:
>
>> A solution *is* possible, even though the specs aren't (yet) it.
>> Worst-case, everyone gets a PGP key, publishes the public key in DNS,
>> and signs all outgoing mail. Then headers can be thrown around at
>> will.
>
> I don't see why you call that the worst case, since it tells you
> what you really want to know - unless you have some bizarre interest
> about what machine registered in what domain had some small part
> in delivering the message. The problem is still that this
> identification is meaningless unless there is a way to limit the
> number of them that can be generated.

Not meaningless. If I send an email From: [EMAIL PROTECTED], and sign it
with my PGP key, and publish my public PGP key via DNS at
matthew-dot-van-dot-eerde.example.com, you can be darn sure that one of
the following is true:

1) the signature is invalid
2) the email really came from [EMAIL PROTECTED]
3) example.com is borked (DNS is under control of black hats, say)

You can check 1) using PGP, which gets you down to 2) or 3).
If you know 2) isn't true, you can infer 3) - and blacklist all future
email from example.com (until they fix it)

It's true that security at the domain level is meaningless from an
end-user perspective. But from a litigious perspective it's a lot
easier to subpoena registration info on a domain if you can PROVE that
the domain's DNS administrator is complicit in bad behavior.

[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer
-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

iD8DBQFBJP7xUQQr0VWaglwRAh6VAJ9NvRhdJ46gMQF9+pldpPEHLcQdlQCgqWHm
wA4rG/pksFtgtNOebuKX85Y=
=opkH
-----END PGP SIGNATURE-----
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
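
The three-way check described in the message above, as an added example that is not part of the original post. Assumptions: textbook RSA over known Mersenne primes stands in for PGP, a dict stands in for DNS, the address-to-name mapping (dots in the local part become "-dot-") is inferred from the one name in the message, and the "disowned" flag models knowing out of band that case 2 is false.

```python
import hashlib

E = 65537  # public exponent of the constructed demo keys

def make_key(p, q):
    """Return (n, d) for a demo key; textbook RSA, a stand-in for PGP."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def sign(body, n, d):
    return pow(digest(body, n), d, n)

def key_name(address):
    """Assumed naming: local.part@domain -> local-dot-part.domain."""
    local, domain = address.rsplit("@", 1)
    return local.replace(".", "-dot-") + "." + domain

def classify(sender, body, sig, dns, blacklist, disowned=False):
    """Decide which of the message's three cases applies to one signed mail."""
    domain = sender.rsplit("@", 1)[1]
    if domain in blacklist:           # already inferred case 3 earlier
        return "domain-blacklisted"
    n = dns.get(key_name(sender))     # published public key (modulus only)
    # A missing key is treated like a bad signature (a choice made here).
    if n is None or pow(sig, E, n) != digest(body, n):
        return "1-signature-invalid"
    if disowned:                      # signature verifies but case 2 is false,
        blacklist.add(domain)         # so case 3: the domain's DNS is suspect
        return "3-domain-compromised"
    return "2-authentic"

# Constructed sample data: hypothetical sender and two demo keys.
SENDER = "alice.smith@example.com"
GOOD = make_key(2**31 - 1, 2**61 - 1)
ROGUE = make_key(2**61 - 1, 2**89 - 1)  # key planted by whoever controls DNS

if __name__ == "__main__":
    dns, bl = {key_name(SENDER): GOOD[0]}, set()
    sig = sign("hello", *GOOD)
    print(classify(SENDER, "hello", sig, dns, bl))        # genuine mail
    print(classify(SENDER, "hello, edited", sig, dns, bl))  # body altered
    dns[key_name(SENDER)] = ROGUE[0]                      # DNS record replaced
    forged = sign("wire money", *ROGUE)
    print(classify(SENDER, "wire money", forged, dns, bl, disowned=True))
    print(classify(SENDER, "anything", forged, dns, bl))  # domain now blocked
```
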

