Noel Torres wrote this message on Wed, Oct 23, 2013 at 19:34 +0100:
> On 23/10/13 19:18, Dave Crocker wrote:
> >On 10/23/2013 2:13 PM, Noel Torres wrote:
> >>I think it would be possible, and even easy for the developers, to
> >>program an extension to SMTP in which servers use OpenPGP among them,
> >>independently of any TLS/SSL usage.
> >>
> >>Why: It helps stopping spam because the receiver server can trust the
> >>identity of the sender, and it helps avoiding wiretapping.
> >
> >
> >
> >Please explain it's superiority over DKIM and SPF and DMARC.
> >
> >d/
> >
> >
> Hi Dave
>
> In short, DKIM does not avoid wiretapping on itself, SPF does not,
> either, nor DMARC.
Except that we already have STARTTLS... How is this better than
DKIM/SPF/DMARC and STARTTLS?
And don't say it means that spam will be encrypted, because you (and the
spammer) don't care about encryption of a spam message, and any real
email (w/ a valid DKIM, etc) will be sent wrapped in STARTTLS...
And the advantage of STARTTLS is that it only now needs simple
configuration as opposed to having to install a new milter and gpg,
etc...
This doesn't prevent MITM attacks, but w/ DNSSEC + DANE, it could be
addressed...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
