Automatic key verification / CERT in DNS / RFC4398
Werner Koch
wk at gnupg.org
Wed Apr 5 14:44:28 CEST 2006
On Tue, 4 Apr 2006 13:37:35 +0000, Julian Mehnle said:
> What do folks -- especially the gnupg-devel ones -- think about using SPF
> for that purpose? Are there any non-obvious fundamental issues that need
> to be taken into account?
I consider SPF far too complex to solve the simple goal of
authenticating the source of an email. It does not stop spam, as
this requires content filters and the jurisdiction and won't
authenticate the full message.

Agreed, neither OpenPGP nor S/MIME will authenticate the header
(e.g. the Subject) but there are easy ways to do this within the
existing framework: Just wrap the entire message into a message/rfc822
container and sign it. A MUA may then properly indicate what has been
signed.

The goal of PKA is much simpler: Authenticate the From: header and
allow the MUA or MTA to detect spoofed messages this way.

The ability to do an opportunistic encryption using the PKA framework
is just a very welcome side-effect.

Shalom-Salam,
Werner
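
As an added illustration (not part of the original message and not GnuPG code), the Python sketch below wraps a message into a message/rfc822 container as the post describes, returns the octets a detached signature would cover, and shows how a MUA could compare the signed From:/Subject: copies with the unsigned outer headers. The function names, the sample addresses and the SHA-256 digest standing in for the actual OpenPGP signature are assumptions of this example.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def make_message(sender, subject, body):
    """Build the complete original message (headers and body)."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    return msg

def signed_entity(inner):
    """Wrap the whole message in a message/rfc822 part and return its
    CRLF-canonical octets, i.e. what a detached signature would cover."""
    part = EmailMessage(policy=policy.SMTP)
    part.set_content(inner)  # a Message object becomes message/rfc822
    return part.as_bytes()

def protected_headers(entity, names=("From", "Subject")):
    """Read the header copies that sit inside the signed container."""
    inner = message_from_bytes(entity, policy=policy.SMTP).get_payload(0)
    return {n: str(inner[n]) for n in names}

def mismatched_headers(outer, entity):
    """Names whose unsigned outer value differs from the signed copy."""
    signed = protected_headers(entity)
    return [n for n, v in signed.items() if outer.get(n) != v]

if __name__ == "__main__":
    # Constructed sample data, not taken from the original post.
    entity = signed_entity(
        make_message("alice@example.org", "Quarterly report", "See attachment.\n"))
    # The digest is only a stand-in for the OpenPGP signature over `entity`.
    print(hashlib.sha256(entity).hexdigest())
    # Outer headers as they might look after being altered in transit.
    outer = {"From": "alice@example.org", "Subject": "URGENT: wire transfer"}
    print(mismatched_headers(outer, entity))
```

Because the inner From: and Subject: lines are part of the signed octets, any change to them invalidates the signature, while the outer copies remain unauthenticated and are only useful for the comparison shown.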