Re: Anti-spam news article / S/MIME Gateways
I think we're on the same page here. I don't see a need for major changes
in the signature format (although the semantics change), but the key
distribution mechanism is very important.
-ben-
> From: "Trevor Freeman" <trevorf@xxxxxxxxxxxxxxxxxxxxxx>
> Date: Thu, 24 Jun 2004 10:42:01 -0700
> To: "Ben Littauer" <littauer@xxxxxxxx>, <ietf-smime@xxxxxxx>
> Subject: RE: Anti-spam news article / S/MIME Gateways
>
>
> Hi Ben
> I agree there are issues with the trust mechanisms etc. Domain signing
> is a good idea. What has that to do with the format and encoding of how
> you sign a message? What part of CMS is so horribly broken that we need
> another signature format?
> Trevor
>
> * -----Original Message-----
> * From: owner-ietf-smime@xxxxxxxxxxxx [mailto:owner-ietf-smime@xxxxxxxxxxxx]
> * On Behalf Of Ben Littauer
> * Sent: Wednesday, June 23, 2004 6:34 AM
> * To: ietf-smime@xxxxxxx
> * Subject: Re: Anti-spam news article / S/MIME Gateways
> *
> *
> * There's scalability and there's scalability.
> *
> * The problem with desktop to desktop PKI is both the directory problem
> * (i.e. key discovery and distribution) and the administration problem
> * (issuance, renewal, and revocation of certificates). Domain-level PKI
> * reduces the scale of both problems by several orders of magnitude.
> * Solving the domain level problems first will perhaps give some clue to
> * the mechanisms required for the desktop implementation, should it ever
> * become required.
> *
> * -ben-
> *
> * > From: "Trevor Freeman" <trevorf@xxxxxxxxxxxxxxxxxxxxxx>
> * > Date: Tue, 22 Jun 2004 11:15:39 -0700
> * > To: "Craig McGregor" <Craig.McGregor@xxxxxxxxxxxxxxxx>, "Russ Housley"
> * > <housley@xxxxxxxxxxxx>, <ietf-smime@xxxxxxx>
> * > Subject: RE: Anti-spam news article / S/MIME Gateways
> * >
> * >
> * > Hi Craig,
> * > While I understand your comments about closed groups, the real
> * > problem with scaling beyond closed groups is, as you point out, trust
> * > mechanisms. What I fail to see is why we need a different signature
> * > format to deploy a more scalable trust mechanism.
> * > Trevor
> * >
> * > * -----Original Message-----
> * > * From: owner-ietf-smime@xxxxxxxxxxxx [mailto:owner-ietf-smime@xxxxxxxxxxxx]
> * > * On Behalf Of Craig McGregor
> * > * Sent: Monday, June 21, 2004 8:12 PM
> * > * To: Russ Housley; ietf-smime@xxxxxxx
> * > * Subject: RE: Anti-spam news article / S/MIME Gateways
> * > *
> * > *
> * > *
> * > * > Tumbleweed Chief Executive Jeff Smith says there's a lot of
> * > * > misunderstanding about S/MIME, because it was created as a desktop
> * > * > encryption technology. He argues it's also simple and cost-effective
> * > * > to use as a gateway authentication technology, and that its quality
> * > * > advantages make it the best choice. Tumbleweed would like to work
> * > * > with Yahoo to merge their technologies.
> * > *
> * > * S/MIME gateway software in the context of a 'closed-community' is a
> * > * proven method of authenticating the sending domains of e-mail messages
> * > * and has been effective at blocking increased volumes of spoofed e-mail
> * > * messages (providing they were sent from a participating domain). And of
> * > * course using S/MIME encryption protects one from in-transit
> * > * eavesdropping too!
> * > *
> * > * Applying what is quite manageable in a 'closed-community' for an
> * > * Internet-wide deployment would be somewhat more challenging though.
> * > * Particularly around certificate deployment, trust-chains and
> * > * auto-discovery (assume DNS for internet-wide; a 'closed-community'
> * > * could use LDAP). I think that is why domain keys proposes to trust DNS
> * > * data as being authoritative without any further validation.
> * > *
> * > * Craig.