
Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-19 01:32:32
On Thu, 2005-08-18 at 22:41 -0500, Earl Hood wrote:
> On August 18, 2005 at 17:01, Douglas Otis wrote:
>
> Is your view in a nutshell (of what DKIM should be):  When a domain
> signs a message, it is saying, "Here is what I got and transmitted."
> DKIM only provides a verifiable trace of a message.


The signature indicates a specific message has been transmitted by a
specific administrative domain, to be held accountable for the access
thereby granted.  Additional properties must be premised upon the
governance demonstrated by the accountable domain.


> And/or, DKIM should provide verifiability of a message's originating
> domain: the initial domain that receives a sender's message for
> transmission.


I do not understand what significance you're placing upon "originating
domain." Is this implying a relationship with a mailbox address?


> When the initial domain signs a message, it is saying, "Here is what
> the domain-authorized sender submitted to me for
> transmission."


Again, I don't understand what is implied by "domain-authorized sender."
Is this suggesting a provider must query the domain in a mailbox-address
for a specific "sender" authorization prior to transmitting the message?


DKIM, as now devised, is an example of wanting to extend authentication
into a scheme for divining the nature of the message through some simple
check that never quite works.  For example, unless this has changed, the
OA is based upon the Sender when the From has multiple addresses.  A
message may appear to be by a candidate and running mate, while signed
by the unseen opposition.

Few run MTAs without a reputation service.  Improving this defensive
system in the face of greater fraud requires a stronger form of
identification.  There are several positive aspects obtained by a
strongly authenticated name instead of just an IP address for making
critical decisions whether to accept messages.

For a defensive system to scale, there must be a hierarchy established
where domains are held accountable, and where domains in turn hold
clients accountable.  Contrary to this, there have been suggestions that a
defensive system could be based upon the evaluations of an individual
message.  Also, holding clients accountable does not require a
mailbox-address to facilitate this effort.  An opaque identifier added by
the accountable domain is actually far more practical than a
mailbox-address.

DKIM should be devised to work unseen.  It must _just_ work.  Not almost
work.  Don't break things.  Don't change what users see.  Don't change
what users do.  DKIM's goal should be a strong identification system for
a strong defense allowing rapid cessation of rampant criminal activity.

-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
