LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[Fwd: Re: [ILUG] opinions on DKIM]

[Fwd: Re: [ILUG] opinions on DKIM]

Jeroen Massar jeroen at unfix.org
Wed Apr 25 20:19:25 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin Mason wrote:
> paul at clubi.ie writes:
>> - why on earth, if the goal is to authenticate emails from online
>>    entities (e.g. PayPal, AOL, Amazon, etc.) to /their customers/,
>>    do we need to invent /any/ technology at all?
>>
>>    - the problems could be fixed just easily by using *EXISTING* RFCs
>>    - we already have the technology to sign emails...
>>    - the DKIM "dont fail bad signatures" goal actually runs /counter/
>>      to this, the only possible credible use for DKIM..
> 
> Can you name a single online store that sends transactional mail signed
> with PGP or S-MIME?  Or a cron job on your machines?
> 
> PGP/S-MIME signatures are nice for small-scale, person-to-person,
> pre-arranged encryption/signing.  However, they've thoroughly failed in
> deployment for non-person-to-person email (e.g. transactional or
> automated), which constitutes a pretty important subset of SMTP use.

OpenPGP signed mail definitely works in an automated fashion. It is what
we and a lot of ISP's use for updating RIPE database entries, and yes
that goes from cron, I am really not going to be **** to update those
manually, let the robot handle that. Guess why SixXS has the record
number of inet6num's in the RIPE db, indeed that is not because I or Pim
manually typed them in there :)

This thus proves that: there are automated signers + automated verifiers.

For the latter I have a PHP based tool which can do it for you (soon to
be deployed for forum at sixxs.net in case folks are wondering :)

As mentioned, the big issue with PGP signing is the key distribution
(mostly solved by pka-address), that every user needs it and lastly that
some mailinglists seem to strip it when not using inline-signing, which
breaks other things ;)

Greets,
 Jeroen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iHUEARECADUFAkYvqbwuFIAAAAAAFQAQcGthLWFkZHJlc3NAZ251cGcub3JnamVy
b2VuQHVuZml4Lm9yZwAKCRApqihSMz58IwVnAJ9uN/hf5Yv70F1MYjNxoDmUaSzd
qgCfb7MUp5gYW+trkTF64EEoXLEGup0=
=lUyr
-----END PGP SIGNATURE-----

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell