First, the example John gives is real, but an incomplete description. VeriSign
is an ESP; the point is that this high trust case is not the most general case.
It is much more common to outsource bulk mailing, and this is done today to low
trust providers precisely because there is no authentication in email.

We should not rely on an expectation of low security that we are trying to
change.

Security by analogy and security by comparison fail for well-known reasons.

It is always a mistake to use implementation considerations to filter
requirements gathering. Gather the requirements, then filter.

I know people think they have code to protect. But at this stage I don't think
SSP will survive unchanged. So why not simplify it while we have the chance?
Especially when we can do so and meet more requirements by doing so.
Sent from my GoodLink Wireless Handheld (www.good.com)
-----Original Message-----
From: John L [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Tuesday, August 29, 2006 05:52 PM Pacific Standard Time
To: Hallam-Baker, Phillip
Cc: DKIM List
Subject: RE: [ietf-dkim] Delegated signatures in real life
> Orbitz might not care about the security issues raised by allowing
> doubleclick to sign messages on behalf of their CEO and other
> executives. Many others will.
Actually, Doubleclick signs for email.orbitz.com, which is not the domain
where the execs have their addresses. If there is some security problem
here, you'll have to explain more clearly what it is.
> This is a security area spec, least privilege must apply wherever possible.
Sure, but don't forget that the D in DKIM stands for Domain. The
granularity is domains, not mailboxes. If you want per-mailbox
signatures, DKIM isn't what you're looking for.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.