> From: Chris Drake [mailto:[EMAIL PROTECTED]
>
> Hi David,
>
> DKIM is one of at least 3 different serverside email
> verification protocols - the other lesser one is SenderID aka
> CallerID from Microsoft, and the really big one is SPF.
> Yahoo and gmail are the only people doing DKIM that I know of
> (check your own gmail headers - you can see it in there:
> DomainKey-Signature: a=rsa-sha1; q=dns; ...

Actually SenderID and SPF are the same as far as the sender is concerned.

There are people who have the peculiar notion that the SENDER of an email should be able to prevent the RECIPIENT from using evil proprietary software to scan their email. Tough. I make it a point to scan each and every email received from open source types using the PRA.

As you might guess I have very little time for the specific doctrine of open source theology that caused the split. The Microsoft license was fully compliant with the traditional IETF terms.

> S/MIME is better than all the above, since it's client-side
> instead of serverside (cannot be spoofed by other users of
> the same ISP or webmail provider) - but S/MIME itself relies
> on some earlier "click here to confirm you own this email
> address" check, none of which probably use SPF/DKIM/SenderID

Actually S/MIME and OpenPGP both have issues which is why Jon Callas and myself were involved. They are both very good for a certain application, they are not very well suited for the specific application addressed by DKIM.

I have proposed a scheme which is a synthesis of an extended DKIM and SMIME/PGP.

The basic idea is to use DKIM for authentication, augmenting it with a means of accessing a certificate for the key discovered in the DNS so that a receiver can obtain information about the sender.

S/MIME and PGP are used to protect the confidentiality of outbound email. There is a small amount of glue. In point of fact either message format is just as good as the other or as near so as makes little odds. The reason for insisting on support for both is that I am completely sick of people thinking that there is still a standards war going on. And so for that matter is PGP Inc which has been selling a pretty nice SMIME implementation for years.

Support for end user keying is layered in using XKMS 2.0 which is a W3C standard that supports key discovery, trusted key discovery and provisioning.

I presented a paper on this scheme to the 2006 NIST PKI conference.
