[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software
Jerry Leichter
leichter at lrw.com
Sat Oct 4 20:32:53 EDT 2025
>> Lemme see; we've spent 3 decades trying to set up a cryptographically secure DNS
>> to make sure that www.bankofamerica.com resolves to an actual instance of a BOA
>> server, ...
>
> No, it just ensures that the server is under the same control as the bankofamerica.com domain
> name. As I said in another part of the message you quoted, you can't tell by looking at a
> domain name who owns it. You can guess, sometimes you guess right, sometimes you don't.
Beyond which, as I'm sure you know, email "domains" are defined by MX records, not even the address records that web addresses are based on. https://www.bankofamerica.com and email:some at bankofamerica.com may - and probably do - end up at entirely different places. (In fact, they do: The MX record for bankofamerica.com goes to pphosted.com - i.e., ProofPoint, which serves as the mail front end for most large businesses these days.)
-- Jerry
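
The following is an added example, not part of the original message: it shows how a sender picks mail hosts for a domain (MX records by preference, falling back to the address record only when no MX exists, per RFC 5321 section 5.1, with the RFC 7505 null MX) and compares them with the hosts a browser would reach. The zone data, the `.example` names and the function names are constructed for illustration and are not real DNS answers.

```python
# Constructed zone data (NOT real DNS answers); all names are placeholders.
ZONE = {
    ("bank.example", "A"): ["192.0.2.10"],                 # web site
    ("bank.example", "MX"): [(20, "mx2.mailfilter.example"),
                             (10, "mx1.mailfilter.example")],  # hosted mail front end
    ("mx1.mailfilter.example", "A"): ["198.51.100.25"],
    ("mx2.mailfilter.example", "A"): ["198.51.100.26"],
    ("small.example", "A"): ["203.0.113.5"],               # no MX at all
    ("nomail.example", "A"): ["203.0.113.9"],
    ("nomail.example", "MX"): [(0, ".")],                  # null MX: accepts no mail
}

def lookup(name, rtype):
    """Return the constructed records for (name, type), or an empty list."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def web_hosts(domain):
    """Addresses a browser would connect to for https://<domain>/."""
    return sorted(lookup(domain, "A"))

def mail_hosts(domain):
    """Addresses an SMTP sender would try for user@<domain>, in order."""
    mx = lookup(domain, "MX")
    if not mx:
        # No MX record: the domain's own address record is the implicit MX.
        return sorted(lookup(domain, "A"))
    if len(mx) == 1 and mx[0][1] == ".":
        # Null MX: the domain declares that it receives no mail.
        return []
    hosts = []
    for _preference, exchanger in sorted(mx):  # lowest preference value first
        hosts.extend(lookup(exchanger, "A"))
    return hosts

def shares_endpoint(domain):
    """True if any web address is also a mail delivery address."""
    return bool(set(web_hosts(domain)) & set(mail_hosts(domain)))

if __name__ == "__main__":
    for d in ("bank.example", "small.example", "nomail.example"):
        print(d, "web:", web_hosts(d), "mail:", mail_hosts(d),
              "shared:", shares_endpoint(d))
```
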