Hello all,
I'm researching email authentication, and it looks like there is some promise in using cryptographic signatures. Currently there are hundreds of millions of domain names, and tens of millions of domain name owners.
Depending on the proposal, email authentication would require between 1 key per domain owner and several keys per domain name (i.e., between tens of millions and more than a billion new keys).
One email authentication proposal is DomainKeys. There are others as well. DomainKeys stores the needed keys in the DNS system, but the DNS system is spoofable. Also, this key storage architecture does not allow for trust-signatures, as the key could easily grow in size past the maximum size of a DNS reply packet (512 bytes). In fact it appears that the average key length on the keyservers is around 1.2KB.
A key is nothing without a way to add a trusted relation between this key and the entity you want to authenticate. So I do not think those "solutions" are worthwhile. Either you accept mail only from people you know, or you accept mail only from people who paid some established company you have no other reason to trust than the fact this company is "well known".
-- Erwan
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
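As an added illustration of the 512-byte point raised above (this is not code from the post, from DomainKeys or from GnuPG), the following Python script estimates the size of a classic UDP DNS reply carrying one DomainKeys-style TXT record. The key blobs are constructed zero-filled stand-ins whose lengths match typical DER-encoded RSA public keys (162, 294 and 550 bytes for 1024/2048/4096-bit) and a 1.2 KB OpenPGP-sized key; the selector name and function names are assumptions of this example.

```python
import base64

DNS_UDP_MAX = 512  # classic DNS-over-UDP reply limit without EDNS0


def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels plus the root label."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def txt_rdata(text: str) -> bytes:
    """TXT RDATA: the text split into <=255-byte character-strings, each length-prefixed."""
    data = text.encode()
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)]
    return b"".join(bytes([len(c)]) + c for c in chunks)


def txt_response_size(owner: str, text: str) -> int:
    """Bytes in a minimal reply: header, echoed question, one TXT RR with a compressed owner name."""
    header = 12
    question = len(encode_name(owner)) + 4            # QNAME + QTYPE + QCLASS
    rr_fixed = 2 + 2 + 2 + 4 + 2                      # name pointer, TYPE, CLASS, TTL, RDLENGTH
    return header + question + rr_fixed + len(txt_rdata(text))


def domainkeys_record(pubkey_der: bytes) -> str:
    """Constructed DomainKeys-style selector record: 'k=rsa; p=<base64 DER>'."""
    return "k=rsa; p=" + base64.b64encode(pubkey_der).decode()


def fits_in_udp(owner: str, pubkey_der: bytes) -> bool:
    """True if the reply stays within the 512-byte limit, i.e. no truncation / TCP fallback."""
    return txt_response_size(owner, domainkeys_record(pubkey_der)) <= DNS_UDP_MAX


# Constructed stand-in blobs: zero bytes of the lengths typical for each key type.
SCENARIOS = {
    "rsa-1024": bytes(162),
    "rsa-2048": bytes(294),
    "rsa-4096": bytes(550),
    "openpgp-with-sigs-1.2KB": bytes(1200),
}
OWNER = "selector._domainkey.example.com"  # assumed selector name

if __name__ == "__main__":
    for label, blob in SCENARIOS.items():
        size = txt_response_size(OWNER, domainkeys_record(blob))
        print(f"{label:24s} reply={size:5d} bytes  fits_in_512={fits_in_udp(OWNER, blob)}")
```

A bare RSA key up to 2048 bits still fits, but a 4096-bit key or a signature-carrying OpenPGP key of the size the post quotes does not, forcing truncation or TCP retry.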