
Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-16 19:22:26
Keith Moore wrote:
> Signed content is a verifiable statement that says "Alice wrote this
> message" or "Alice authorized this message".
>
> Submission = the act of sending a message to specific recipients.
>
> Signed submission is a verifiable statement that says "I sent this
> message to recipients Alice, Bob, and Carol"

Why is it important to know who the recipients were?

> IIRC DKIM can't sign envelope fields, and it doesn't clearly
> distinguish between author and sender roles.

If it were important, it could easily be added. I don't
understand why it's important. And I don't understand
what is gained by separating roles.

> But yes, I think it's feasible to design user interfaces that would
> make these distinctions clear to your (or my) mother.  I certainly
> don't expect users to understand and distinguish the subtle differences
> between From, Sender, signer, forwarder, etc. when presented in that
> way.  But I do think that a future MUA could reasonably do something
> like the following when presenting received mail:
>
> a. (default)  Message is authored (From) by A, signed by A, and
> submitted by A to be sent to your mother.  Just show the From field and
> perhaps some icon showing that the message was signed.

Ok.

> b. Message was authored by A, signed by A, but initially submitted to
> some other address and later forwarded to your mother.  Show the From
> field but also show a highlighted alert that says "this message was not
> sent to you by the author of the message, but was forwarded to you by
> <address>".

Probably ok, I believe that some MUAs do this now more
or less with Sender (albeit without any assurance).

> c. Message was authored by A but signed by someone else.  Show the From
> field but also show a highlighted alert that says "This message claims
> to be written by A but was signed by B".

You just lost My Mother, I think. Well, at least you lost
me because I have no idea how I ought to behave in its
presence.

> You are assuming current users, current MUAs, current protocols without
> DKIM, current expectations based on these. I'm assuming that new users
> and new MUAs will eventually be significant, and that they'll be more
> sophisticated.  Users do adapt, though perhaps they do so slowly.  A
> few years ago users would blindly enable cookies in web browsers and
> forget about them, now significant numbers of users are periodically
> deleting them.  Many users change their email addresses periodically so
> that they'll get less spam and maintain separate accounts for casual
> correspondence between acquaintances, serious correspondence between
> close friends, etc. - changing the casual address more often than the
> others.  Many users have figured out that when sending a message to
> large numbers of recipients, it's a good idea to use Bcc so that the
> replies don't go to everyone. etc.

You misunderstand: I obviously believe that they have some
possibility of changing their behavior based upon better
technology, but I don't believe that it can be very complicated.
We have to be very, very wary of the law of unintended
consequences as well as cognizant of the principle of least surprise.
For example, I'll bet a good amount that Mark/Miles' folks either
did a bunch of testing or never even contemplated putting up
a neutral/negative flag ("Y! has not been able to verify if
this domain sent this message" or somesuch) because of the
potential for help desk meltdown. That might change in the
future of course, but the point is that there's a large
installed base out there so we have to be very careful.

>> Ok, I just did the SO test in lieu of My Mother and upon
>> looking at a Sender for this list, sez he "is that your
>> new thingy?" (meaning, DKIM). Asked if ListId meant anything
>> to him, "does it have something to do with the Cc?"... so,
>> I really wouldn't be too hopeful about any expectation that
>> anybody's going to understand much beyond color codes,
>> cutesy icons, or very simple text next to the From address.
>
> And again, I certainly don't expect users to sort out this stuff by
> looking at message headers.  (they couldn't verify the signatures by
> looking at them anyway).  So yes, cutesy icons and simple text
> displayed above the message on a colored background is very much what I
> have in mind.

The point I was trying to make is that new identities, etc, confuse
users. The only one I believe they have any understanding of
at all is the From address, and even then it's probably not
right in any deep technical sense.

> I'll have to look at it.  Maybe we should all try to eat our own
> dogfood and use DKIM as much as possible on this list.

Well, DKIM doesn't make it through this list unless you use l=
and z=. :)

                Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org