On Oct 23, 2013, at 11:44 AM, Dave Crocker <[email protected]> wrote:
> On 10/23/2013 2:34 PM, Noel Torres wrote:
>> On 23/10/13 19:18, Dave Crocker wrote:
>>> On 10/23/2013 2:13 PM, Noel Torres wrote:
>>>> I think it would be possible, and even easy for the developers, to
>>>> program an extension to SMTP in which servers use OpenPGP among them,
>>>> independently of any TLS/SSL usage.
>>>>
>>>> Why: It helps stopping spam because the receiver server can trust the
>>>> identity of the sender, and it helps avoiding wiretapping.
>>>
>>> Please explain its superiority over DKIM and SPF and DMARC.
>>>
>>> d/
>>>
>> Hi Dave
>>
>> In short, DKIM does not avoid wiretapping on itself, SPF does not,
>> either, nor DMARC.
>
> You cited the benefit you are seeking as trusting who the 'sender' was.
> That's an authentication/signature task, not a confidentiality/encryption
> task.
>
> d/
>
> ps. the mere fact of authentication does not vet the trustworthiness of the
> validated identity.

Dear Dave,

As you know, DKIM can not authenticate the sender. DKIM authenticates some unseen domain signed a portion of the message. DKIM does not confirm the signing domain intended to send the message to the recipient either. Nor does DKIM ensure valid message structure where acceptance on the basis of trusted DKIM signatures can be hazardous, contrary to the process described in the DKIM deployment RFC.

In addition, because DKIM can not authenticate the sender, it can never abate email abuse either, nor was that ever described as a supported feature.

StartTLS is not affected by message structure and indicates the intended recipient as well as identifying an accountable sender. StartTLS offers a safe basis for trust, reputation, and acceptance.

DKIM in conjunction with DMARC has very limited applicability and only prevents From header field spoofing but even then allows click-able links to be injected into a spoofed Subject header field.

Regards,
Douglas Otis

ps. DKIM authentication does not vet the message nor the trustworthiness of the signing domain. DKIM does not validate any identity either.

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
