paul at clubi.ie writes:
> - why on earth, if the goal is to authenticate emails from online
> entities (e.g. PayPal, AOL, Amazon, etc.) to /their customers/,
> do we need to invent /any/ technology at all?
> - the problems could be fixed just easily by using *EXISTING* RFCs
> - we already have the technology to sign emails...
> - the DKIM "dont fail bad signatures" goal actually runs /counter/
> to this, the only possible credible use for DKIM..

Can you name a single online store that sends transactional mail signed
with PGP or S-MIME? Or a cron job on your machines?

PGP/S-MIME signatures are nice for small-scale, person-to-person,
pre-arranged encryption/signing. However, they've thoroughly failed in
deployment for non-person-to-person email (e.g. transactional or
automated), which constitutes a pretty important subset of SMTP use.

--j.