julian at mehnle
May 14, 2007, 3:23 AM
Post #3 of 3
(1121 views)
Permalink
|
|
Re: Presentation on e-mail sender authentication
[In reply to]
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
William Leibzon wrote:
> Small error - DK and DKIM will not protect Sender header field, at most
> they may provide some protection for From but even that is debatable
> considering most want as weak SSP as possible.
Thanks for the heads-up.
> Also PGP and S/MIME are probably not well explained,
Yes, I assumed that my audience was already aware of the general functiona-
lity of PGP and S/MIME so I chose not to go into any details there.
> and some small issues there, i.e. public key exchanges are all
> stardardized, its just completely different way of exchanges, i.e. signed
> certificate from trusted root for S/MIME and verification of chain of
> trust for PGP.
At least for PGP there's no standardized way of distributing PKs (I don't
consider key servers as such since by far not everyone uploads their keys
to a key server, and this is not due to user ignorance or inertia).
> Not widely deployed is also wrong (they are both quite widely deployed
> and over 95% of currently used MUA support one or another), but not
> widely used due to perceived complexity would be entirely correct.
Well, OK, S/MIME is sort of widely supported in software (mainly due to
Microsoft products), but it doesn't get used a lot. I consider "being in
use" one of two major parts of "deployment" ("being supported" being the
other).
In any case, PGP is NOT widely supported (let alone widely in use).
> Could also have been good to mention at the end to EU audience that
> strong privacy laws spammers and should be done only with strong laws
> regarding abuse of domains including action by domain registrars
> (which is currently not the case).
True, however the focus of the presentation was a technical one.
> Otherwise quite good general email authentication presentation.
Thanks for your feedback, William!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGSDi8wL7PKlBZWjsRAo0kAKCdY+avsH9FE+S+CgDMsLN9ii++sACgjnIh
v3O6Dji2tldK2gC1wWxmdso=
=RNjl
-----END PGP SIGNATURE-----
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com
|
