Re: [Asrg] 6. Proposals - DNS + PKI - Yahoo's "Domain Keys"

["Alan DeKok" <aland@ox.org>]

Mark Baugher <mbaugher@cisco.com> wrote:
> >   If DK means that each sender signs the message, then you have two
> >choices.  One is to have a domain-wide private key, in which case it
> >must change regularly, as spammers will quickly obtain it.
> 
> I don't know why you would assume this.

  If every user has access to the private key to sign outgoing
messages, then spammers have access to it, too.  After all, spammers
can sign up for accounts at ISP's...

> A big problem with per-user private keys is that these
> private keys are vulnerable when user machines are infected with
> viruses.

  That's really outside of the scope of the solution.

  However, having *signed* viruses means you're pretty sure whose
machine is infected.

>   I don't expect the mail operator's machines to be so vulnerable.
> Also, past experience has shown that most users hate to use
> cryptographic technologies for email or anything else when they have
> a choice.

  I thought the whole point of the solution was that users wouldn't
even know their messages were being signed.

> >(Why not
> >just then have every domain put user authentication information in
> >DNS, and have every recipient MTA do SMTP AUTH?  It's entirely
> >equivalent, and doesn't require much in the way of user-agent
> >changes.)
> 
> This sounds like a very good approach from MTA(s)->MTA(r), but
> what about the case of MTA(s)->MTA(i)->MTA(r), which is a rare
> case that nonetheless needs to be supported?

  See the LMAP discussion document for ways to do this.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg