On Dec 15, 7:04 am, Michael Ströder <[EMAIL PROTECTED]> wrote:
> Daniel Dreymann wrote:
>
> > CertifiedEmail is a third-party signature system. First we accredit
> > senders to establish whether they are good players with a good email
> > reputation. Then, once they are accredited, we certify *individual*
> > messages,
>
> But this initial accreditation is done once.

The accreditation is done once (like a CA) but, unlike a CA, we stay in the loop: we control usage (we dispense the tokens) and monitor complaints in real time (feeds from the mailbox providers) so we can take immediate action and shut down a compromised sender. Simplest example: we can assign a small sender a quota: can't send more than X tokens per period.

> > i.e. senders request
> > a "token" which includes our signature for every message they desire
> > to send. This provides us with real-time control which is necessary to
> > ensure CertifiedEmail is not abused.
>
> If I understand this correctly this is a privacy nightmare BTW...

It isn't: we are not exposed to the content of the message or to the recipient address. A token request includes hash codes, not the entire message in plain text.

DTD
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto