ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 12:03:53
Is this meant to be a characterization of DKIM exclusive or
inclusive of  SSP?

It looks like a summary of DKIM excluding it's SSP componant. I like this (but maybe I'm all alone here):

    A validated DKIM signature lets you take some reasonable subset
of the message you received and know that it came from a designated source.
    Conversely, an invalid or missing DKIM signature may indicate a message
    which the domain in the FROM header does not authorize.
The main benefits of DKIM are that a validating agent can know where the
    message came from and whether the lack of a valid signature should be
expected or not. This is more reliability than email source identification has
    ever had before.

This is a more comprehensive rendering of all the glories of DKIM as it exists today.

--
Arvel


----- Original Message ----- From: "Scott Kitterman" <ietf-dkim(_at_)kitterman(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Monday, August 15, 2005 10:17 AM
Subject: Re: [ietf-dkim] Not exactly not a threat analysis


...... Original Message .......
On Sun, 14 Aug 2005 22:30:01 -0700 Dave Crocker <dhc(_at_)dcrocker(_dot_)net> 
wrote:
On Sun, 14 Aug 2005 16:42:01 -0700, Jon Callas wrote:
> 1. DKIM makes it easier to detect sender forgery. The three > important
>  kinds of forgery are:
>
 I think I'm in violent agreement with you. I'd state it slightly
differently.


I like your wording enough to suggest that we try to assess support for it
among
the list.

I'm suggesting some minor changes, only to tighten it up a bit:


    There is nothing in an ordinary email message, except for the RCPT TO
line
    and the IP address of the host that sent it to you, that is a
reliable
    identifier. A validated DKIM signature lets you take some reasonable
subset
    of the message you received and know that it came from a designated
source.
    The main benefit of DKIM is that a validating agent can know where
the
    message came from. This is more reliability than email source
    identification has ever had before.


How do folks feel about this characterization of DKIM?

Is this meant to be a characterization of DKIM exclusive or inclusive of
SSP?

Scott Kitterman
_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;





_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;