On Sat, 7 Mar 2020, John Levine wrote:
> This must be some DKIM other than the one the IETF standardized and every large mail provider uses to manage mail streams. There's no CAs, you publish your own verification key in your DNS, and it costs nothing beyond the software upgrades to use.
Most DNS registrars avoid verifying customer information as long as the payment clears (for a short time). DKIM (and DNSSEC) is built on top of trusting tokens from third parties which disclaim all liability.
Cryptography is not magic pixie dust. It won't create trust between unknown parties. Cryptography works between parties already known to each other to verify existing trust. Phone companies and advertisers have already demonstrated they can't be trusted to act as third-party introducers. They are more than willing to sell out that trust to the highest bidder.
The reality is my phone already knows the numbers of my circle of friends and loved ones. Overseas call centers randomly generating phone numbers aren't matching the subset of phone numbers that cause my phone to ring. When the scammers start matching social media circles and phone numbers, then I'll need something new.
Eventually we'll have STE/STU-equivalent end-to-end verification on our smartphones.