J. Gomez writes: > Verifiable authenticity of email greatly depends on DMARC's > success. Because without DMARC's success the authenticity of email > can only be verified heuristically and not systematically.
This is an error of logic. *Authenticity* (defined as "did the message satisfy DMARC From alignment when injected?") of *each* message *can* be verified independently of other messages, and if From alignment is verified, the message *is* authentic (modulo black helicopters with 4096-bit encryption breaking equipment). It's what to think about non-verifiable mail that becomes unclear. Since the "important" mail is direct mail, From alignment will be preserved until received by the addressee. Therefore list behavior only affects DMARC verifiability of list traffic, *not* those other mail flows, as far as I can see. > Well, I posit the user requirement is, at large, to take email to > the next level a viable medium for important communications. I understand what you're saying, and we all agree that email as we currently know it has an important role for Internet communication, and that for it to continue to fulfill that role we need to improve its security in several ways. But (as Dave Crocker is emphasizing in another subthread), we need to be very careful to define requirements in terms of what the software can do, and then do our best to define and implement protocols that satisfy the requirements and *prove* that the software does satisfy those requirements. The "requirement" you propose is not implementable in a software system alone, whether it is satisfied or not cannot be verified from the behavior of software alone, and therefore cannot be posited as a requirement in the sense used in software engineering. Please think about what I've written. It's a very useful way to think about software systems, and IETF discussions are normally phrased using this kind of language. If you don't use it, people will not know what you're talking about, and your ideas will not be picked up. Steve _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
