Keyservers and the future

David T Kerns david.t.kerns at
Fri May 20 17:03:32 CEST 2005

>Neil Williams writes:
>How do you guarantee that From: cannot be spoofed - it sounds like you are

>delegating that to the individual ISP / domain holder. I'm concerned that
>domain is too blunt as an instrument against spam and that it will remain
>easy to send spam from: and Even if someone does
>compromise the AOL terms and conditions, users cannot ignore all email
>that domain - it's simply too large - so I could not set the key
>be untrusted or unwanted.
>This could prejudice small domains, userspace domains, unfairly. The big
>domains would trivialise the signature because you could not discriminate
>between your AOL friends and the AOL spammers. If a particular domain
>with lots of accounts is tardy or just inefficient in booting off people
>abuse their terms, the user is left with a useless "validation" because
>user cannot distinguish between users at the domain.

I don't mean to butt into the conversation, but it sounds like you're
missing the whole point.
The whole purpose of this is that it eliminates spoofing of the domain
It doesn't matter if there's 1 user or 1 billion users behind (or if the mail says it's the from domain you can be sure
it IS from not spoofing to be (apologies to the
holder of that IP address, as this is a purely hypothetical example)

Radu's question is then, "will the keyserver model scale to hold keys for X
billion domain names?"

This E-mail is confidential. It may also be legally privileged. If you
are not the addressee you may not copy, forward, disclose or use any   part
of it. If you have received this message in error, please delete   it and
all copies from your system and notify the sender immediately   by return
E-mail.     Internet communications cannot be guaranteed to be timely,
secure,   error or virus-free. The sender does not accept liability for any
errors or omissions.

More information about the Gnupg-users mailing list