I received an off-list request: "Could you clarify what precisely you
are trying to secure?" I fear that perhaps I am still too vague.
When one accepts an email[*], one wishes for some sort of _a priori_
information regarding message trustworthiness. DKIM can vouch for
message authenticity, but not trust. (A valid DKIM signature shows that
selected headers/content have not been forged, but does not vouch for
content.)
If I receive email from someone I trust, there's a good chance it's
something I want. If from someone who someone I trust trusts, there's
still a good chance. As the chain lengthens, trust becomes a bit
dicier.
What I propose is orthogonal to DKIM.
I've also been asked to set up a separate mailing list. I'll do that,
and stop pollu^H^H^H^H^Htrying to elaborate on NANOG.
[*] Discussion limited to one example, but could be expanded.
Eddy
At the moment, this problem can't be solved on an Internet scale, because
there are on the order of 10e8 fully-compromised systems out there. Many
different estimates have been proferred over the years; the most recent
I've seen is from Rick Wesson at Support Intelligence, who offered 40%
as his guesstimate; if there are 800M systems on the 'net, that'd be about
320M. But the exact number is unknowable and in some sense unimportant:
the difference between 128M and 172M doesn't matter for the purpose of
this discussion. And I believe there is widespread concurrence that
whatever the number is, it's going up.
The new owners of those systems can do anything with them they want,
including forging (and cryptographically signing) outbound mail messages
using any SMTP authorization credentials present on it, or any SMTP access
implied by its network location(s). (They can also, if they wish, arrange
to conceal incoming replies to this traffic from the former owners.)
Until that problem's solved (and I don't see any solution for it on
the horizon) then it will undercut any number of interesting approaches
worthy of significant discussion, not just this one. It's the elephant
in the room, and until it's banished, it will keep getting in the way.
---Rsk