[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian.org e-mail address and SPF/SRS

Hi, Matthew Palmer wrote:

> Uhm, having just read through the supplied URL, I can't agree with the
> sanity of the proposal.  It appears to require that headers not be modified
> at all in transit

You can tell it which headers to protect, so that's not a problem.
In theory. Mailing lists do have a problem, but the list forwarder can
always re-sign the message. (It' in the draft.)

I don't like that proposal for a totally different reason: I need
to get the whole message before I can even think about rejecting it.
SPF, on the other hand, I can use as soon as I get the MAIL FROM:.

If I assume the DNS to be not compromised and mailers to be not-open-relay
(as the draft does), DomainKeys gets me precisely nothing, compared to
SPF. However, it'll hurt my bandwidth and my CPU.

Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de

Reply to: