UCE - a simpler approach using just digital signing?

Sascha Silbe sascha-ml-cryptography-metzdowd.com at silbe.org
Sat Jan 31 06:35:48 EST 2009


On Fri, Jan 30, 2009 at 01:47:23PM -0800, Ray Dillinger wrote:

> Each time Fred gives out his email address to a new sender, he creates 
> a trust token for that sender.  They must use it when they send him 
> mail.
That's basically what I'm using, just without the digital signature 
part: each person/organisation/website/whatever gets a different email 
address for communicating with me (qmail makes this easy to implement); 
mailing list and bugtracker addresses are filtered to accept only mail 
with the correct headers.
It works much better than content filters, but it's basically limited to 
1:1 communication (with a mailing list looking like a single entity as 
it forwards traffic both ways). Most importantly, it breaks for CC 
parties (*). Address lists on paper given out to a large number of 
participants are problematic as well (those utilizing paper lists are 
mostly non-tech-savvy - thus prone to attacks - and changing the address 
is hard due to the long update interval of the list).

To get on-topic again:
Another scheme (that could be combined with the above one to solve only 
the CC party problem) would be accepting only PGP mail and using a 
manually updated whitelist / web of trust of PGP keys. Unfortunately, 
PGP still isn't widespread enough to reject non-PGP mail, and the ones 
not using it are often far more susceptible to address harvesting 
malware, limiting the usefulness of such a filter.


(*) CC party: group discussion without predetermined participants (so no 
mailing list could be set up in advance)

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
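The per-correspondent address scheme above, with Ray's "trust token" folded into the address itself, as an added example that is not part of the original post or of anyone's qmail setup: the token is a truncated HMAC over a label for the correspondent, so the delivery agent can verify any tagged address statelessly instead of keeping a table of issued addresses, and list addresses are checked for the List-Id header the list is known to set. The secret, the domain, the local part `fred`, the list address `fred-crypto@example.org` and the sample messages are all constructed for the example; it assumes the MTA records the envelope recipient in a `Delivered-To:` header, as qmail does.

```python
import email
import hashlib
import hmac
import re

# Assumed values for this example. A real deployment reads the secret from a
# file readable only by the delivery user and rotates it when a tag leaks.
SECRET = b"example-secret-do-not-use"
LOCAL_PART = "fred"
DOMAIN = "example.org"

# Mailing-list addresses (assumed names) carry no tag; they accept only mail
# bearing the List-Id the list is known to set.
LIST_ADDRESSES = {
    "fred-crypto@example.org": "cryptography.metzdowd.com",
}


def token_for(label: str, secret: bytes = SECRET) -> str:
    """Per-correspondent trust token: 48 bits of HMAC-SHA256 over the label."""
    mac = hmac.new(secret, label.lower().encode(), hashlib.sha256).hexdigest()
    return mac[:12]


def address_for(label: str, secret: bytes = SECRET) -> str:
    """The address handed to one correspondent: fred-<label>-<token>@example.org."""
    label = label.lower()
    return f"{LOCAL_PART}-{label}-{token_for(label, secret)}@{DOMAIN}"


# A label may contain letters, digits and dots; the tag is 12 hex digits.
ADDR_RE = re.compile(
    rf"^{LOCAL_PART}-([a-z0-9.]+)-([0-9a-f]{{12}})@{re.escape(DOMAIN)}$"
)


def classify(raw: bytes, secret: bytes = SECRET) -> tuple:
    """Accept or reject one message as the local delivery agent sees it."""
    msg = email.message_from_bytes(raw)
    rcpt = str(msg.get("Delivered-To", "")).strip().lower()
    if rcpt in LIST_ADDRESSES:
        list_id = str(msg.get("List-Id", ""))
        if LIST_ADDRESSES[rcpt] in list_id:
            return ("accept", f"list mail from {LIST_ADDRESSES[rcpt]}")
        return ("reject", "list address used without the expected List-Id")
    m = ADDR_RE.match(rcpt)
    if m is None:
        return ("reject", "recipient is not a tagged address")
    label, tag = m.groups()
    # Constant-time comparison against the tag recomputed from the label.
    if not hmac.compare_digest(tag, token_for(label, secret)):
        return ("reject", f"tag does not verify for label {label!r}")
    return ("accept", f"tag valid for correspondent {label!r}")


def _mail(rcpt: str, extra_headers: str = "") -> bytes:
    """Constructed sample message with the recipient the MTA delivered to."""
    return (f"Delivered-To: {rcpt}\nFrom: someone@example.com\nTo: {rcpt}\n"
            f"{extra_headers}Subject: hello\n\nbody\n").encode()


# Constructed samples: a valid tag, a tag with one digit changed, the bare
# (harvestable) address, and the list address with and without its List-Id.
_real = token_for("acme.shop")
_forged = ("0" if _real[0] != "0" else "1") + _real[1:]
SAMPLE_OK = _mail(address_for("acme.shop"))
SAMPLE_FORGED = _mail(f"{LOCAL_PART}-acme.shop-{_forged}@{DOMAIN}")
SAMPLE_HARVESTED = _mail(f"{LOCAL_PART}@{DOMAIN}")
SAMPLE_LIST_OK = _mail("fred-crypto@example.org",
                       "List-Id: <cryptography.metzdowd.com>\n")
SAMPLE_LIST_SPOOF = _mail("fred-crypto@example.org")

if __name__ == "__main__":
    for name, raw in [("ok", SAMPLE_OK), ("forged", SAMPLE_FORGED),
                      ("harvested", SAMPLE_HARVESTED),
                      ("list ok", SAMPLE_LIST_OK),
                      ("list spoof", SAMPLE_LIST_SPOOF)]:
        print(f"{name:10s} -> {classify(raw)}")
```

The tag binds the address to a label, not to the sender, so it has exactly the limitation described in the post: anyone who learns a tagged address (a CC recipient, a leaked paper list) can use it until that label is retired, and retiring it means handing the correspondent a new label rather than touching a database. A List-Id check is a weak filter on its own, since the header is trivially forged; it only keeps the list address from being useful as a plain harvested address.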