Elliotte Rusty Harold wrote:
> The problem is that all of these or any other client-based solution you
> come up with is only going to be implemented in some clients. Many, and
> at least initially most, users are not going to have any such
> protections. This needs to be cut off at the protocol level.
Rather, the problem is that replacing just one of the many existing
character encodings with an allegedly secure one would only be going
to serve some (rather few!) users. Finding a solution that works with
all character encodings alike, is much more efficient (and is probably
feasable, in contrast to the "solution" advocated by ERH). One possible
solution for the e-mail spoofing problem is kryptographic authentication.
This is independent of the underlying character encoding, and it is al-
ready widely available.
I said 'allegedly secure', because no character encoding standard can
really prevent this sort of spoofing (we had enough examples in this
thread, based on bare ASCII). Trying to find a spoofing-proof character-
encoding is comparable to the task of finding an alphabet that does not
allow to spell any insults.
Best wishes,
Otto Stolz
This archive was generated by hypermail 2.1.2 : Fri Feb 08 2002 - 04:16:47 EST