[Asrg] E-mail Postmarks

["Bob Atkinson" <bobatk at exchange.microsoft.com>]

Over the last several months, indeed, since somewhat well before last
Christmas, if my memory serves, there has in these and other circles
been floating general discussions concerning the use of digital
signatures on e-mail for accomplishing purposes *other* than the
traditional mail-author-signs-mail mechanism found today in systems like
S/MIME and PGP.

>From what I can tell from these discussions, there appears to be at
least a moderate degree of consensus that some sort of signature-based
scheme along these lines might be useful in helping to deter spam
(though whether the increase in deterrence is worth the cost of the
effort still seems open to debate). However, there is some significant
divergence of opinion as to how to best go about achieving that end.

Specifically, in this divergence there seem to be those who would like
to digitally sign the literal entire bytes of (a suffix of) an RFC2822
message body, and those (myself included) who quite strongly believe
that such an approach is so fragile so as to ultimately be of quite
little value.

But the core of the idea seems to me at least to be well worthy of
continued investigation and discussion. To that end, trying to be
constructive by painting a picture of how best I think this could
actually be made to work, on

	http://www.lessspam.org/EmailPostmarks.pdf

can be found a first, preliminary draft for discussion of an approach to
non-user-level signing of e-mail that supports the ability to affix
domain-related or other signed information to a message while taking
pragmatic steps to be robust in the face of transformations that occur
to messages as they flow in the Internet.

	Bob

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg