ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 12:22:12
Hi,

At 22:30 14-08-2005, Dave Crocker wrote:
     The main benefit of DKIM is that a validating agent can know where the
     message came from. This is more reliability than email source
     identification has ever had before.

The assertion "This is more reliability than email source identification
has ever had before." is not accurate.

In fact, both S/MIME and PGP offer stronger authorship and e-mail source
identification properties than DKIM. And the term "reliability" is not
appropriate either, as the property being described is "e-mail source
authentication".

The assertion should be deleted and revised to explicitly acknowledge
that DKIM offers a weaker source authentication property than the
alternatives. The text should also say that those parties whose e-mail
security policy needs genuine authentication should use S/MIME or PGP.

I should also point out that AFAICT a DKIM e-mail signature does not
protect against the "revolving door" signature identity problem. It
erroneously presumes that all DNS registry entities are not the economic
allies or suppliers for spammers. It would be feasible for such a
registrar to automate the domain name generation process on behalf of its
spammer customers. Once such a domain name's reputation becomes tarnished,
it is discarded and the co-conspirator DNS registrar issues a new one to
take its place. I see this attack (and I suspect that there are others
that one can discover) as a fundamental problem with the proposed e-mail
security architecture.

There have been a lot of comments on this list to the effect of "key
management is out of scope" unless it is exactly what DKIM already
declares. The DKIM signature scheme is only one architectural component.
Specifying the security processing of the inter-dependent DNS, public key
accreditation, public key reputation management, and interaction with legacy
SMTP components is the only way that DKIM can honestly say it contributes
to an integrated and secure Internet e-mail solution.

IMHO, the proposed working group should not charter until that
architectural framework is in hand as a written document (i.e. ready to
become an informational RFC). The IETF review process will assure that the
e-mail threat model is the one the Internet community at large needs to
solve. That threat model may or _may_not_ be the same as the one in mind
of the DKIM advocates.  Only with the complete framework exposed can the
security community say with confidence that the correct threat set has
been handled successfully and DKIM is (or is not) part of that solution.

br,
        George

_______________________________________________
ietf-dkim mailing list
<http://dkim.org>