ietf-mailsig

RE: revised Proposed Charter

2005-07-24 16:50:52

Jim Fenton wrote on 23 July 2005 7:20 a.m.
Can we have more discussion on the sufficiency of message 
signatures by themselves to do something useful?

Message signatures (with the key coming from a DNS RR) by themselves provide
an assertion that the message was sent by a person/organisation that had
control over:
1) the DNS for the sending domain (if the key came from an authoritative DNS
server), or
2) the injection of a key record into a DNS cache if the record came from a
non-authoritative server

It is possible for a receiving gateway to build its own trust or confidence
in such signatures by checking the thumbprint of a retrieved key against a
locally stored copy of the thumbprint to detect changes in the key.  If the
key doesn't change then the level of confidence/trust will rise over time.

There are also many other mechanisms to build trust on top of a message
signature, using independent communication paths (e.g. X509 certs from trusted
third parties, or HTTP lookup of thumbprints).  The confidence/trust
obtained in this way adds to the signature, but does not fundamentally
change it.

Use of any of these mechanisms should be a matter for local policy and
implementation.  Local policy may of course require that a specified level
of trust exist in the signature before the message can be used for a
particular purpose, but that has little to do with the basic message signing
mechanisms (except to the extent that the canonicalisation algorithms permit
changes that can devalue the trust that would otherwise exist).

It can be useful, perhaps, to relate consideration of this issue to physical
mail delivered by post.  Many letters are useful and trusted, though we have
never seen the signature or letterhead before.  Any on-going conversation
via letter will build trust in the other party.  If there are doubts, the
recipient can use the supplied information to verify the authenticity of the
message (e.g. ring the organisation concerned and speak to the named person).

I therefore suggest that valid message signatures are by themselves useful.


James


