Jim -
On 11/7/13 3:27 PM, Jim Popovitch wrote:
On Thu, Nov 7, 2013 at 5:12 PM, J. Trent Adams <jtrentadams@gmail.com> wrote:
should provide an option to participate in as secure communication as possible. Randomly applying security distinctions, to RFC de'jour, is not really helping.
Well, here we disagree. DMARC is far from random (in development since 2007), and it's actually helping. And not just on the margins. We're seeing significant improvement in the real world at Internet scale for millions of our customers. It'd be fantastic to see Mailman trumpet an option that allows those who want to take advantage of it to drop their old, beat-up MLM and join the party.
If you want true message security, then PGP/GPG is the only universal way. If you are just looking to protect the integrity of the pathway, might I suggest that a wrapper around 2 different technologies (one being header reliability and the other being source reliability) is just that... a wrapper (or as I say, a panacea). If you truly wanted secure comms, DMARC would be mandating PGP and going after MUAs....
Here, though, I totally agree with you! After all, I earned my degree in astrophysics, and we modeled everything using perfect theoretical spheres. Sadly, our models always fell short under close scrutiny. . . fortunately, as opposed to physics, the astro variety of the science didn't often come under close scrutiny. Talk about being left off the hook!
That being said, in a more nuanced, complex, messy world, theoretical solutions don't always live up to the promise. So, yeah, it'd be super kewl to ask all our customers (and all the communication channels) to get on the bandwagon with encryption. I've got stacks and stacks of real world data and research that explains why that's simply not viable (today).
DMARC, on the other hand, emerged as an empirical experiment on what works today, in the real world. It was a lot of trial and error until we happened to get the mix right. It's no panacea (it only stops one type of particularly nasty attack), but you're right, it's just a wrapper. Fortunately, it works, so the Lords of Kobol be praised! Finally, some defense against the maurauding Cylons (even though it's a mish-mash of low-tech bits and bobs).
. . . amusingly, this reminds me of the LAN parties we used to have. It wasn't pretty, but the goal was to get the Sinclair to talk to the Commodore using whatever means necessary (air nets were particularly hilarious, albeit incredibly hard on the ears).
but I digress. Yeah, but aren't digressions fun? Happy to continue the conversation off-list so that we don't bore the rest of the crew.
Cheers, Trent
-Jim P.