It appears that Francesco Gennai <francesco.gennai@xxxxxxxxx> said: >John, > >thank you for your detailed and clear answer. >I would clarify that I don't agree (like many others, I think) to insert DKIM >in the first part of paragraph 7.1. ... John's summary was good but if we back up a few steps, the underlying problem is that mail security is far more compicated and confusing than it seemed when the sentence starting "Real email security ..." was written 25 years ago. One change is that the "end" in end to end has been blurred beyond recognition. In that era we usually read mail using a program on a computer we controlled. If we had cryptographic keys, they'd be stored in a file on our computer that our mail program could read. The end was clearly your mail program. These days most people use web mail or apps managed by mail vendors. I have no idea what the "end" of a webmail session is, and neither does anyone else. The browser? The web server to which the browser is talking? A Javascript app running in the browser? A decade ago Google said they'd provide a PGP plugin for Gmail and Yahoo which as far as I can tell never worked and is abandoned. (You can still see the archived code on github.) Beyond the question of how much you'd trust someone else's downloaded blob of Javascript to manage your private keys, it did nothing to deal with the key management problem, even for your own mail account on two devices. Another big change is that now most mail systems have no idea who their users are. In the 1990s you usually got your mail from your employer, your school, your ISP, or maybe a specialist provider, with whom you had a business relationship. These days most people use free webmail where as we all know if you're not paying, you're the product, not the customer. Ekr noted that mail addresses can be taken away or reassignd at the whim of the domain owner, which has always been true but not like now. Back when you were the customer, if the provider cancelled your account for anything other than non-payment or no longer being an employee or student, that was a serious breach of trust. These days the vast majority of new webmail signups are malicious, and are quickly cancelled when they start doing the malicous stuff, hundreds of thousands of times every day. None of this belongs in 5321bis. It's way too complicated and offers no useful advice to implementors. My preference would be to remove the whole section and replace it with a sentence saying "Real mail security remains a difficult unsolved problem." R's, John -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
