Re: [Asrg] Proven solution for authenticating messages
Hadmut Danisch <hadmut@danisch.de> Tue, 04 March 2003 09:40 UTC
From: Hadmut Danisch <hadmut@danisch.de>
To: Prasenjeet Dutta <bulk@chaoszone.org>
Cc: asrg@ietf.org, mike.pearson@ssc.govt.nz
Subject: Re: [Asrg] Proven solution for authenticating messages
Date: Tue, 04 Mar 2003 10:39:23 +0100
On Tue, Mar 04, 2003 at 12:50:25PM +0530, Prasenjeet Dutta wrote:
> It could also be because most PKI infrastructure is based on the X.509
> model, which (though scalable) requires folk needing a certificate to
> cough up cash to CAs like Verisign. Also, for secure personal
> communication (as opposed to electronic commerce), PGP has been arguably
> far more popular than S/MIME. Especially given its free, bottom-up 'web
> of trust' model, PGP may well succeed where the top-down X.509 has
> not.

PGP (as we know it) will never do this job, since it lacks the
structure that X.509 has. PGP trust is based on a cloud of friends
and acquaintances; you will never get a working trust structure
covering the world wide email network.

> Again, what is the goal of using TLS for email? Securing the messages?
> That opens up a new battle with the monitoring agencies. Or is it (from
> the anti-spam point of view) to let SMTP servers non-repudiably identify
> themselves? If this is the goal, then it can be done with far less
> overhead than TLS.

You miss the point. I didn't discuss the goal of TLS.

What I wanted to say: That is a mechanism that already is
implemented and widely spread. No need to install new software.
And even that one is rarely used, because cryptography is
still too complicated for most mail admins. The very same problem
will apply to the S/MIME approach once it is used outside
a centralized organisation like the NZ gov.

Secondly, the NZ S/MIME doesn't provide end-to-end security,
only relay-to-relay. The same effect can be achieved with TLS.
TLS is already available, but people simply don't use it.

> Digital signatures inserted by the *server* (not by the user, who should
> not have to bother with the complexity of this) to identify *itself*,
> using an RFC 2440 infrastructure, may be more successful in making
> individual SMTP servers identifiable and accountable for what they spew
> onto the Internet.
Consider this fragment:

Again, you will never get a working PGP infrastructure reliably
covering the whole e-mail world.

Hadmut