>Neil Williams writes: >How do you guarantee that From: cannot be spoofed - it sounds like you are
>delegating that to the individual ISP / domain holder. I'm concerned that the >domain is too blunt as an instrument against spam and that it will remain >easy to send spam from: aol.com and hotmail.com. Even if someone does >compromise the AOL terms and conditions, users cannot ignore all email from >that domain - it's simply too large - so I could not set the aol.com key to >be untrusted or unwanted. > >This could prejudice small domains, userspace domains, unfairly. The big >domains would trivialise the signature because you could not discriminate >between your AOL friends and the AOL spammers. If a particular domain holder >with lots of accounts is tardy or just inefficient in booting off people who >abuse their terms, the user is left with a useless "validation" because the >user cannot distinguish between users at the domain. I don't mean to butt into the conversation, but it sounds like you're missing the whole point. The whole purpose of this is that it eliminates spoofing of the domain name. It doesn't matter if there's 1 user or 1 billion users behind aol.com (or johndoe.org) if the mail says it's the from domain xxx.org you can be sure it IS from xxx.org not 11.22.33.44 spoofing to be xxx.org (apologies to the holder of that IP address, as this is a purely hypothetical example) Radu's question is then, "will the keyserver model scale to hold keys for X billion domain names?" ----------------------------------------- ************************************************************************ This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ************************************************************************ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
