Steve Atkins <st...@wordtothewise.com> wrote:
> On May 30, 2011, at 3:23 PM, Murray S. Kucherawy wrote:
>> or at least the chain-of-trust capability, but no proof that the
>> increased risk is worth the increased gain.
>
> Chain of trust is a somewhat different thing, and could likely be
> implemented with little, if any, increased risk in the case where the
> MLM is trusted (for some meaning of the word that probably boils down
> to manual whitelist or positive reputation of the MLM operator) by the
> recipient.
>
> The MLM signing the re-sent message, including an A-R header or some
> slight variant, is the obvious way. I don't think there's much gain to
> be had there, but it can be done with little effort and little risk.

Chain of trust is always an appealing model. Unfortunately, it hasn't been used successfully over the open Internet.

The closest we are coming to having an example of its working is DNSSec, which actually has a very, very constrained model and relatively short chain. Its utility as a demonstration of success is also very new. It's not a 'complete' example.

There is a tendency to believe that operational changes are preferred over protocol changes. That's essentially the difference between formulating a model of trusting the sequence of message handlers, versus devising an authentication technique that survives the sequence of handlers.

Unfortunately, operational changes for security tend to make a more fragile model.

d/
-- 
Dave Crocker
bbiw.net
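A recipient-side sketch of the arrangement discussed in this thread, added here as an example and not code from any participant: the MLM's Authentication-Results (A-R) claim is honored only when the MLM is whitelisted, its DKIM signature verified, and that signature covers the A-R header. The function names, the `verified_domains` input and the sample message are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample of a list post re-sent by an MLM; every name is made up.
SAMPLE = """\
Authentication-Results: lists.example.org; dkim=pass header.d=author.example
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=mlm;
 h=from:to:subject:authentication-results; bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@author.example
To: list@lists.example.org
Subject: [list] hello

body
"""

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def inherited_author_domains(raw, trusted_mlms, verified_domains):
    """Author domains a trusted MLM vouches for in an A-R header its signature covers.

    verified_domains (assumption): d= values whose DKIM signature the receiver's
    own verifier has already checked cryptographically; no crypto is done here.
    """
    msg = message_from_string(raw)
    ar_headers = msg.get_all("Authentication-Results", [])
    accepted = set()
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        mlm = tags.get("d", "").lower()
        if mlm not in trusted_mlms or mlm not in verified_domains:
            continue
        # DKIM selects header instances bottom-up, so n mentions in h= cover
        # only the last n A-R headers; anything above them is unsigned.
        n = tags.get("h", "").lower().split(":").count("authentication-results")
        for ar in (ar_headers[-n:] if n else []):
            authserv, _, results = ar.partition(";")
            if authserv.strip().lower() != mlm:
                continue  # result was not asserted by the signing MLM
            for resinfo in results.split(";"):
                tokens = resinfo.split()
                if tokens and tokens[0].lower() == "dkim=pass":
                    accepted.update(t.split("=", 1)[1].lower() for t in tokens[1:]
                                    if t.lower().startswith("header.d="))
    return accepted
```

An A-R header that is present but not listed in the MLM signature's `h=` tag yields nothing, since any later handler could have added it.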