On August 15, 2005 at 15:49, "Arvel Hathcock" wrote:
DKIM either needs stronger binding semantics, or
it needs to limit when signing can be done.
I think DKIM deals with this correctly right now. Binding to the
RFC2822.From header is not required BUT when it's missing an SSP check is
performed to discover and enforce the wishes of the domain owner.
IIRC, an SSP check is done against the "Originator Address". This is
either the rfc2822.from or rfc2822.sender. It is not against the
signer's domain. Past discussions about SSP checks have lead to the
possibility of an SSP check always being done, even when a signature
is cryptographically valid. I do not think any solid conclusion
has been made on this (yet).
BTW, you left out a key statement when quoting me that qualifies
my statement. Mr. Otis mentioned "the permitting the submission of
the message." However, a DKIM signature can be generated by someone
else besides the originating domain, depending on OA SSP policies.
Therefore, the signer may not be domain that initally accepted
message into the mail transport system. This type of signature
claims a different type of responsibility than, "the permitting the
submission of the message."
Also see comments (separate posts) about just wanting to sign
transmission headers, if this something DKIM is to be used for.
DKIM currently does not support this well since all signatures are
bound to the OA.
Therefore, the scope of who and when DKIM signatures are created either
need to be limited, or richer binding semantics must be provided to
support some of the usage scenarios that have been mentioned.
ietf-dkim mailing list