Keyservers and the future

David T Kerns david.t.kerns at us.hsbc.com
Fri May 20 17:03:32 CEST 2005


>Neil Williams writes:
>How do you guarantee that From: cannot be spoofed - it sounds like you are
>delegating that to the individual ISP / domain holder. I'm concerned that the
>domain is too blunt as an instrument against spam and that it will remain
>easy to send spam from: aol.com and hotmail.com. Even if someone does
>compromise the AOL terms and conditions, users cannot ignore all email from
>that domain - it's simply too large - so I could not set the aol.com key to
>be untrusted or unwanted.
>
>This could prejudice small domains, userspace domains, unfairly. The big
>domains would trivialise the signature because you could not discriminate
>between your AOL friends and the AOL spammers. If a particular domain holder
>with lots of accounts is tardy or just inefficient in booting off people who
>abuse their terms, the user is left with a useless "validation" because the
>user cannot distinguish between users at the domain.


I don't mean to butt into the conversation, but it sounds like you're
missing the whole point.
The whole purpose of this is that it eliminates spoofing of the domain name.
It doesn't matter if there's 1 user or 1 billion users behind aol.com (or
johndoe.org); if the mail says it's the from domain xxx.org, you can be sure
it IS from xxx.org, not 11.22.33.44 spoofing to be xxx.org (apologies to the
holder of that IP address, as this is a purely hypothetical example).

Radu's question is then, "will the keyserver model scale to hold keys for X
billion domain names?"




