From: (and maybe Sender:) header authentication

Brian Candler B.Candler at
Tue Feb 24 15:57:55 GMT 2004

On Tue, Feb 24, 2004 at 03:41:40PM +0000, David Woodhouse wrote:
> > The ISP probably does not want to be responsible for holding the user's
> > *private* key, in which case the end-user's MUA must be responsible for
> > signing the message. Here we move away from an ISP-centric solution to an
> > end-user-centric solution, which has defied widespread acceptance to date.
> If the ISP is doing SMTP AUTH and actually checking the _user_, or is
> verifying usernames against actual live dialup records, the ISP _can_
> use a key which has 'user' trust level. In fact the ISP can have two
> keys for the same domain -- one with each trust level -- and use
> whichever is appropriate for each mail.

[Aside: I don't see the need for two keys. Just a one-bit flag within the
signed message is all that's needed]

> We need to allow _either_ ISP-centric or user-centric signing. 

Sure. But then we are definitely talking about two separate mechanisms:

- the user signs with their own key
- the ISP signs with their user-signing key

because those two keys would be found in two different places in the DNS.

> I think that's reasonable, yes. After all, you don't really want to do
> the verification more than once at the time you receive the mail, do
> you? And you're likely to be online when you _receive_ the mail.

Some people still live in a uucp or fido world, but thankfully not very many



More information about the sender-auth mailing list