[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



On 21-jul-2006, at 16:41, Francis Dupont wrote:

Authentication is much more important and even that is certainly not
   always required.

=> STARTTLS (the mechanism which encrypts the SMTP session) has
authentication and this doesn't solve what you believe this solves.

Well, not if you turn off authentication:

Received: from laposte.rennes.enst-bretagne.fr ([IPv6:2001:660:7301:3192:211:43ff:fea3:7e4b])
	by sequoia.muada.com (8.13.3/8.13.3) with ESMTP id k6LEfbXD090899
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
^^^^^^^^^^^

There has been a lot of debate on whether having authentication in email will solve the various problems that plague it. It won't solve some (spam will remain to some degree if you want to be able to receive messages from people you don't know) but it will solve others (all those bounces from spam messages that use my domain). But encryption won't help with any of this.