LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[Fwd: Re: [ILUG] opinions on DKIM]

[Fwd: Re: [ILUG] opinions on DKIM]

paul at clubi.ie paul at clubi.ie
Wed Apr 25 20:54:08 IST 2007 

On Wed, 25 Apr 2007, Justin Mason wrote:

> Can you name a single online store that sends transactional mail 
> signed with PGP or S-MIME?  Or a cron job on your machines?
>
> PGP/S-MIME signatures are nice for small-scale, person-to-person,
> pre-arranged encryption/signing.  However, they've thoroughly failed in
> deployment for non-person-to-person email (e.g. transactional or
> automated), which constitutes a pretty important subset of SMTP use.

If end-end strong authentication has failed, why would weaker, 
intermediate authentication succeed in its place?

(Your answer should explain how those whitelists are to be maintained 
;) ).

If DKIM is some "long term" solution, as another person in this 
thread suggested, why is the correct solution not to simply get MS to 
support S/MIME in its MUA (given deployment time would also be in 
"long term" scale)? I'm sure Paypal, Amazon, Ebay and some 
conglomeration of banks could persuade MS to do that. Then users' 
MUAs could be *SURE* that an email did not come from MS.

Some side notes:

- I've seen businesses use PGP as part of normal operations, to
   protect important emails

- There's no incompatibility between PGP or S/MIME and automation, no
   more than DKIM

- Some phishing mails today send users to 'look-alike' domains[1],
   e.g. amaz0n.com, so that the browser will get a completely valid
   X.509 certificate. The DKIM would work out fine too for such
   phishing..

   (strong end-end authentication doesnt work here either, unless WoT
    is used, rather than X.509 hierarchy AND Joe-user is careful about
    assigning trust)

1. There's a term for this <something>nym.., see:

    http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html

    for one real example. There's lots more.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
The only way to get rid of a temptation is to yield to it.
 		-- Oscar Wilde

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell