
Re: Machine Identity



Dave Crocker wrote:


Jeroen Massar wrote:
Stephane Bortzmeyer wrote:
On Tue, Feb 26, 2008 at 10:37:06AM -0800,
Dave Crocker <dhc at dcrocker.net> wrote a message of 31 lines which said:

   Why isn't a Domain Name sufficient to the purpose you have in mind?

I agree with the reasons given by Keith Moore (a machine does not
control its domain name).

More importantly: the service can't be anonymous then.


1. The stated use is for application of policies, such as access control. How can that be done in the face of anonymity?

Anonymity in that nothing is registered and can't directly be correlated to a certain person (of course you can track IP addresses and use that etc to look in other log files etc).

If you take for instance an SSH key. This SSH key 'proves' that the SSH service that has the private key, is the same one as the one you talked to last time. Still it is quite anonymous, as you don't have any hooks to domain names or other details where whois comes into play.

2. In other words, please specify the details of anonymity that you require.

Nothing is truly anonymous, ever. If somebody wants to find out who you are they will find out, if you like it or not.

3. Please look at:

   <http://dkim.org/specs/draft-ietf-dkim-overview-09.html>

specifically sections 3.1.5,

That is what I meant with 1)

DKIM indeed 'comes up' with a pub/priv keypair out of thin air, like SSH. When you talk to the host again you do know that you are talking to the same host and not a different one, but they are still anonymous.

Greets,
 Jeroen
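
The key-continuity idea from the SSH host key example in the message above, as an added example that is not part of the original post: an access policy keyed by the fingerprint of a self-generated key rather than by a registered name. The class and function names, the endpoint label and the sample keys are constructed for illustration, and the code assumes the transport has already verified that the peer holds the matching private key.

```python
import base64
import hashlib
import hmac
import struct

def constructed_key(seed: bytes) -> str:
    """Constructed sample data: an ssh-ed25519-shaped public key line, not a real key."""
    ktype = b"ssh-ed25519"
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for the public key
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class KeyContinuityPolicy:
    """Trust on first use: the identity is the key itself, with no registry behind it."""

    def __init__(self):
        self.pins = {}    # endpoint label -> fingerprint pinned at first contact
        self.grants = {}  # fingerprint -> access level chosen by the local operator

    def grant(self, fp: str, level: str) -> None:
        self.grants[fp] = level

    def decide(self, endpoint: str, pubkey_line: str):
        fp = fingerprint(pubkey_line)
        pinned = self.pins.get(endpoint)
        if pinned is None:
            self.pins[endpoint] = fp  # first contact: nothing to compare against yet
            return ("first-contact", self.grants.get(fp, "guest"))
        if hmac.compare_digest(pinned, fp):
            return ("same-key", self.grants.get(fp, "guest"))
        # A different key at a pinned endpoint is a different party until re-approved.
        return ("key-changed", "deny")

def demo():
    policy = KeyContinuityPolicy()
    key_a, key_b = constructed_key(b"host-a"), constructed_key(b"host-b")
    endpoint = "192.0.2.10:22"  # constructed label from the documentation address range
    first = policy.decide(endpoint, key_a)
    policy.grant(fingerprint(key_a), "member")  # operator raises access after first contact
    return [first, policy.decide(endpoint, key_a), policy.decide(endpoint, key_b)]

if __name__ == "__main__":
    for state, access in demo():
        print(state, access)
```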
