Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)

 In the current Internet Mail environment a mail receiver can never be
 sure whether a piece of mail was from the purported author they
 normally associate with the claimed identity. This leads to many
 avenues of abuse.
 A secondary goal of DKIM is to validate a standard identity field,
 such as RFC2822.From or RFC2822.Sender.

 Stating this as a secondary goal appears to contradict the earlier
 paragraph.  I.e.  The earlier paragraph implies that validating
 RFC2822.From or RFC2822.Sender would be a primary goal.


 I agree.



Well, a coherent and not-contradictory thought was driving my writing, but 
Heisenberg got in the way.


The intended thought was that having ANY accountable entity -- where the 
accountability is meaningful -- improves the likely validity of the other 
identity fields.

So, no, I had not intended to make direct validation of From or Sender a 
primary 
goal.



  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net



_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[ietf-dkim] How to solve replay with no specification changes, Hallam-Baker, Phillip

Next by Date:

Re: [ietf-dkim] What's a replay?, Dave Crocker

Previous by Thread:

Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft), Michael Thomas

Next by Thread:

Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft), Michael Thomas

Indexes:

[Date] [Thread] [Top] [All Lists]