Why no network of trust?
Posted Sep 7, 2004 14:53 UTC (Tue) by forthy (guest, #1525)
In reply to: So why not use a callback instead? by frankie
Parent article: Debian rejects Sender ID

It is not obvious to me that you can't add a network of trust to an
SPF-like framework. Like S/MIME or PGP, SPF records would need a signature
(or several signatures, if you like). If you create your domain, the NIC
usually would also sign your SPF record; done. Since domain creation is a
hierarchical situation, tracing signatures back to some known good "root"
signature is not really difficult.

In the end, this does not help bot-based spam networks and worm floods.
Even if you require the user to enter a passphrase for every outgoing
mail, an infected PC could grab that passphrase and send spam and worms
under the name of the victim. However, it is now possible to help the
victim, since you can identify her (or him). Part of the success of
captured computers is that the user doesn't know about it.