That would be much appreciated. 
- ferg
My paper on Email Security Anti-Spoofing Protection with Path and Cryptographic Authentication Methods is now available at
http://www.metasignatures.org/path_and_cryptographic_authentication.htm
Printable PDF version of the paper (21 pages) is also available -
http://www.metasignatures.org/Path_And_Cryptographic_Authentication.pdf
First parts (part 1-4) are an overview of the various email anti-spoofing technology proposals that were proposed (in IETF or IRTF ASRG) in the last 2-3 years, what email identities they focus on, their interactions and differences in proposals because of that. It should be easy enough for NANOG readers to read and understand even if you're not mail expert.
In part 5, I also go through why none of the proposals are really "anti-spam" and promotion of the methods as such is misleading. There are also chapters
on Accreditation and Reputation (including section on spamhaus .MAIL) and "authorization vs authenticity" question that has been raised by some when criticizing path authentication technologies like SPF - I explain that is really problem for both path and cryptographic proposals and its tied to question on if mail servers are "enforcing submission rights" at mail origin.
Part 6 may or may not be of interest here and is result of my research
presenting proposal on how to use cryptographic signatures to correct
for SPF failures after forwarding and allow for safe rejection based on SPF records.
Note:
Some people reported that PDF version is not readable in all circumstances,
in that case send me note privately when that happens with specs for your system, PDF reader version & OS and I'll try to get an idea of what needs to be corrected. Note that PDF is really just printout of html version
so if it does not work, read the original. In general if you know good
way to create PDF out of HTML for documents such as mine (perfect if it could insert page numbers into table of contents), let me know privately.
No matter how the authors may "promote" their methods, most
people don't perceive that there's any great separation between
anti-spam and anti-forgery techniques. As far as they're
concerned, all e-mail threats are basically the same.
E-mail authentication's promise is that it will improve the
overall state of the global e-mail infrastructure. Chopping
that into smaller bits may be a fun intellectual exercise, but
it doesn't help explain what's going on to anyone outside of
our fairly small technology-focused circles.
In part 5, I also go through why none of the proposals are really
"anti-spam" and promotion of the methods as such is misleading.No matter how the authors may "promote" their methods, most
people don't perceive that there's any great separation between
anti-spam and anti-forgery techniques. As far as they're
concerned, all e-mail threats are basically the same.
This attitude is exactly playing in the hands of DMA which wants to
make it seem like spam is only those UBE with forged origin data.
E-mail authentication's promise is that it will improve the
overall state of the global e-mail infrastructure. Chopping
that into smaller bits may be a fun intellectual exercise, but
it doesn't help explain what's going on to anyone outside of
our fairly small technology-focused circles.
Chopping off complex issue into pieces which can be worked and looked
at separate is exactly the approach that has very often been used in
research, engineering, politics/diplomacy and many other areas.
This is no different and should be easy enough to explain to
non-technical folks.
I'm not describing my own attitude above, so you can stop being
insulting. What I've described is a common perception held by
end-user types. I'm not saying their perceptions are correct,
I'm just saying they exist and shouldn't be ignored.
This is moving further off-topic, so I'll leave it at that.