On 07/11/2007 16:36, Dean Brooks wrote: > On Wed, Nov 07, 2007 at 03:54:42PM +0000, John Robinson wrote: >> [...] I'd have thought that sending to MX with >> TLS, offering a real certificate, would be a good way of saying "yes I >> really am who I say I am". Now if one could say in one's SPF records "I >> have a real cert" we'd be a long way towards sender authentication, >> wouldn't we? > > Problem is, you don't have to have a CA authority sign your TLS > certificate. Anyone can self sign and TLS will accept it.
Unless the recipient were to decide he liked CA-signed certs. This is what I'm angling towards. > DomainKeys is closer to that idea though. I know, but SSL/TLS with CA-signed certs are well-understood and already well-supported in MTAs (including exim, of course). Why not use them for sender authentication? I know nobody does but what's the rationale in favour of DKIM et al over my suggestion? Cheers, John. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
