Re: Authentication and email

[Paul Hoffman / IMC <phoffman@imc.org>]

At 5:15 PM +0200 1/28/03, Gonzalo Camarillo wrote:
> And after giving them those speeches, we come back "home" to the IETF
> and say that email security is undoable for our mailing lists for some
> reason... it seems that MUSTs, SHOULDs and security considerations
> sections do not apply to us ;o)
This is an absurd argument. The security you are trying to achieve in
3GPP is completely unrelated to spam prevention.

I assume that anyone who is advocating using S/MIME or PGP for
spam-reduction has never used either protocol on a daily basis for
mail filtering. And I say this as one of the strongest public
proponents of those protocols. S/MIME and PGP are used for
authenticating the content of the messages, not for authenticating
the sender. If that doesn't make sense to you, please go read the
protocols: they're all on standards track and have been for many
years. Summaries and links to the RFCs can be found at
<http://www.imc.org/smime-pgpmime.html>.

--Paul Hoffman, Director
--Internet Mail Consortium