ietf-dkim

RE: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 01:34:11
Dave Crocker wrote

I like your wording enough to suggest that we try to assess support 
for it among the list.

I'm suggesting some minor changes, only to tighten it up a bit:


   There is nothing in an ordinary email message, except for the RCPT TO line
   and the IP address of the host that sent it to you, that is a reliable
   identifier. A validated DKIM signature lets you take some reasonable subset
   of the message you received and know that it came from a designated source.
   The main benefit of DKIM is that a validating agent can know where the
   message came from. This is more reliability than email source
   identification has ever had before.


This is useful, but seems to ignore the discussion that has been surrounding
the fact the signature does not provide assurance about the source - rather
it provides assurance that a specified signing party is vouching for the
message.  The signing party may be associated with the source, or they may
not be.  Accepting the message on the basis of the signature implies
accepting the relationship between the signing agent and the message
originator.
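
The distinction drawn in the reply above, as an added example that is not part of the original message: a validated signature names a signing domain (the `d=` tag of `DKIM-Signature`), which a receiver can compare against the author domain in `From`. The sample messages are constructed, the signature is assumed to have been verified already by a DKIM library, and treating a subdomain of `d=` as "associated" is an assumption of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the thread). The b= and bh= values are
# placeholders; this sketch assumes a DKIM verifier has already validated them.
SAMPLE_SAME = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
To: bob@example.net
Subject: hello

body
"""

SAMPLE_THIRD_PARTY = SAMPLE_SAME.replace("d=example.com", "d=lists.example.org")


def parse_tag_list(value):
    """Parse a DKIM tag=value list into a dict, unfolding header whitespace."""
    tags = {}
    for item in re.sub(r"\s+", " ", value).split(";"):
        if "=" in item:
            name, _, val = item.partition("=")  # values may contain '='
            tags[name.strip()] = val.strip()
    return tags


def signer_vs_author(raw_message):
    """Return (signing_domain, author_domain, relationship) for a message
    whose DKIM signature is assumed to have validated already."""
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return (None, None, "unsigned")
    signer = parse_tag_list(sig).get("d", "").lower().rstrip(".")
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not signer or not author:
        return (signer or None, author or None, "undetermined")
    # Assumption of this sketch: same domain or a subdomain counts as associated.
    if author == signer or author.endswith("." + signer):
        return (signer, author, "signer-is-author-domain")
    return (signer, author, "third-party-signer")
```

A "third-party-signer" result is not a verification failure; it marks the case where accepting the message means accepting the signer's relationship to the originator.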

