ietf-dkim

Re: [ietf-dkim] linkage between "originator" and "handling agent"

2005-08-17 09:07:26
 In other words, it is starting to look as if the mechanism for enforcing
 originator/handling linkages needs separate focus from techniques for
 performing authentication.

 I am trying to figure out "what you are thinking?"

My note stated, as clearly as I can, what I am thinking.


 If the latter, then I believe you need to be straight here on your overall
 goals.

Once again, you are seeking to take the group discussion to an ad hominem 
focus. 

Please stop attempting to discuss people's motives or biases.


 Can you clear this right away?  I can see why you may not want to make it
 harder for standards track issues.  But it will help to know what are the
 "long range" plans.

My long-range plan is to get the group chartered and to have the group produce
a useful standard as quickly as possible.

Therefore, my long-range plan is to seek near-term utility with a minimum of 
project management risk and the lowest possible barriers to adoption and use.


 Dave, let's imagine that DKIM becomes the standard tomorrow and we begin to
 receive DKIM messages.   We were not DKIM aware yet, but now we see a bunch
 of emails with DKIM signatures.   So we begin to explore DKIM.

 The first thing we notice is that there are a bunch of DKIM signed messages
 purporting to be SIGNED from domains which have NO Policy defined or
 conflicting signing policies?

 How do you expect us to handle this?

In fact the main reason that I question the need to have most/any of SSP -- in
the *first* round of standardization -- is that there is quite a bit of utility
in exactly the scenario you describe:  A message arrives with a signature.  
*ANY* signature.  There is quite a bit of useful information derived from 
validating that signature, or having the signature fail validation.  

There is *MORE* useful information if the validator can know that the signature 
ID is "authorized" by the rfc2822.From domain administrator, but that 
information is not essential for creating an initial base of utility.

The observation that requiring linkages between identifiers and requiring 
domain-wide signing simply follows from this, and noting that we seem to have 
3-4 current examples of independent attempts to solve these problems.  

Multiple solutions to the same problem impede Internet-wide interoperability.

  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net



_______________________________________________
ietf-dkim mailing list
http://dkim.org
