Sender Policy Framework

How is strong cryptography any more secure an assertion method than IP address authorization?

(Extracted from the spf-discuss mailing list.)

From the standpoint of the recipient, you can determine that a PGP key belongs to an individual to a degree of certainty that you understand. You know the trust relationship in detail and make of it what you will. It is much more tenuous for designated hosts. A recipient has no way to evaluate the extent to which a host is secure and the strength of the measures used to discourage forgery. Neither does a recipient have any way to evaluate how many machines have submission rights to that host and their level of security.

All a recipient can say is that the return-path domain is verified according to the senders wishes. Those may or may not be congruent with the recipient's wishes, and the recipient can't even evaluate the extent to which that is the case. This is a direct result of the perception that it is far easier and more common to hack a shared host, or another machine that has submission rights to that host, than to acquire someone's private key. It doesn't mean that it actually is easier in any particular case, just that most people believe it to be.

The grade of security of any assertion method only depends on the odds of it being plausibly reproduced against the will of the authority, not on some inherent magical properties.

Saying you possess the secret key corresponding to a public key that was signed by numerous individuals a recipient trusts after verification in person is a much stronger assertion than saying you designate a given host as permitted to send mail on behalf of your domain. In a strong system, the prover makes an assertion that he is actually in a position to prove. A person can prove his identity to a high degree of certainty to others who do not possess special skills, but proving that a given mail host and the network behind it are secure is pretty difficult.

There is nothing magic about cryptography. Frameworks and assertions that you bother protecting with cryptography tend to be strong in the first place. When the base assertion is not readily provable, it may not be worth protecting. In order to validate a sender address, I said you needed "strong cryptography and a system to distribute validation instructions". Necessary but not sufficient. I did not mean to imply that cryptography could turn a weak assertion into a strong one.