ietf-dkim

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-20 18:27:53
On Sat, 2005-08-20 at 18:58 -0500, Earl Hood wrote:
> On August 19, 2005 at 17:23, Douglas Otis wrote:

> In your view, if all the domains do DKIM signing, are all the
> domains equally accountable (or claiming equal accountability),
> regardless the role they play?


In my view, if there is already a signature, and the only item being
changed is the RCPT TO, then the optimal behavior would be to leave the
message as is.  This would mean the originating domain retains its
accountability.  Those that change the message should re-sign or endure
an IP-address-based form of assessment.


> It appears your discussion of accountability is really something that
> sits on top of DKIM, since trying to standardize "accountability"
> seems impractical.


I do not understand what you mean by standardized accountability.
Either the domain permits and can stop abusive behavior, or it cannot.
Being held accountable reflects this simple expectation.  DKIM goals
should ensure this remains a reasonable expectation.


> Is all you are asking for, at the DKIM specification level, for DKIM
> to provide a domain-based message signing specification indicating
> "here is what I am transmitting out"?


There is also the aspect of expecting this domain to retain control of
the authorization provided by way of the signature.  Signatures offer
both a benefit and a potential problem, with the ability to be replayed.
An expectation of accountability should include an ability to remove the
authorization for messages reported as abusive.  Waiting out the expiry
period will likely be ineffectual as a means to limit abuse.


> Things like anti-spoofing and anti-forgery should not be part of DKIM?


Attempts to directly address anti-spoofing with DKIM risk creating
problems that may limit wider deployment.  Already there is the problem
with From -> Sender, and per-user keys due to expectations that the
signature is bound to some mailbox address.  Both of these issues entail
a fair amount of risk.  Unfortunately these efforts may only increase
recipients' susceptibility, rather than provide the intended protections.

Unless there is agreement DKIM does not directly deal with problems of
falsified mailbox addresses, there will be ever greater complexity and
overhead added.  This feature creep will be detrimental to benefits
related to message accountability.  All of this concern is resolved when
the accountable domain is displayed by the MUA.  So why create risky
complexity?


> > By authenticating the HELO, name based reputation could substantially
> > replace IP address based reputations.
>
> Are you referring to an SPF-like system here?


Authenticating the HELO is simply a weaker IP address equivalent of a
DKIM signature, but which is not carried securely forward with the
message.  In my view, both provide the administrative domain that can be
held accountable.  As signatures can _never_ offer resource protection,
the use of the HELO can offer resource protections when applying the
same acceptance criteria as used for DKIM.

-Doug     



_______________________________________________
ietf-dkim mailing list
http://dkim.org
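The replay and revocation points in the message above (an envelope-only re-addressing leaves the signature intact, waiting for x= expiry is slow, pulling the selector key is immediate) can be seen in a small model. The script below is an added example, not code from the thread or from any DKIM implementation: HMAC-SHA256 stands in for DKIM's RSA signature so it runs on the Python standard library alone, the tag layout (d=, s=, h=, bh=, b=, t=, x=) follows the draft, and the domain, selector, key store and message are constructed for illustration.

```python
"""Toy model of DKIM signature replay, expiry and selector revocation.

Added example, not code from the thread or from any DKIM implementation.
HMAC-SHA256 stands in for DKIM's RSA signature; the domain, selector,
key store, clock and message below are constructed.
"""
import hashlib
import hmac
import re

# Constructed stand-in for the DNS TXT records at <selector>._domainkey.<domain>.
# Deleting an entry is the signer's only way to withdraw a signature's authority
# before x= expires; nothing in an already-sent message can be recalled.
KEY_STORE = {("example.com", "sel2005"): b"constructed-secret-key"}


def parse_tags(dkim_header):
    """Split 'k=v; k=v' into a dict, dropping folding whitespace inside values."""
    tags = {}
    for item in dkim_header.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def body_hash(body):
    """'simple' body canonicalization: CRLF endings, trailing empty lines removed."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return hashlib.sha256(("\r\n".join(lines) + "\r\n").encode()).hexdigest()


def signed_data(headers, h_list, bh):
    """Headers named in h= (lower-cased names, collapsed whitespace) plus bh=.
    The SMTP envelope (MAIL FROM / RCPT TO) is never part of this input."""
    parts = [f"{n.lower()}:{' '.join(headers.get(n.lower(), '').split())}"
             for n in h_list]
    parts.append(f"bh={bh}")
    return "\r\n".join(parts).encode()


def sign(headers, body, domain, selector, h_list, now, lifetime):
    """Produce the DKIM-Signature value; t= is signing time, x= is expiry."""
    key = KEY_STORE[(domain, selector)]
    bh = body_hash(body)
    mac = hmac.new(key, signed_data(headers, h_list, bh), hashlib.sha256).hexdigest()
    return (f"v=1; a=hmac-sha256; d={domain}; s={selector}; h={':'.join(h_list)}; "
            f"t={now}; x={now + lifetime}; bh={bh}; b={mac}")


def verify(dkim_header, headers, body, now, key_store=KEY_STORE):
    """Return 'pass: <accountable domain>' or a 'fail: <reason>' string."""
    tags = parse_tags(dkim_header)
    key = key_store.get((tags.get("d"), tags.get("s")))
    if key is None:
        return "fail: no key published for selector (revoked or unknown)"
    if "x" in tags and now > int(tags["x"]):
        return "fail: signature expired"
    if body_hash(body) != tags.get("bh"):
        return "fail: body hash mismatch"
    mac = hmac.new(key, signed_data(headers, tags.get("h", "").split(":"), tags["bh"]),
                   hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, tags.get("b", "")):
        return "fail: bad signature"
    return f"pass: {tags['d']}"


def replay_scenario():
    """Sign once, then show what a replaying relay can and cannot do."""
    now = 1124560000                      # fixed clock, constructed
    headers = {"from": "alice@example.com", "to": "bob@example.net",
               "subject": "meeting", "date": "Sat, 20 Aug 2005 18:27:53 -0700"}
    body = "See you at nine.\r\n"
    sig = sign(headers, body, "example.com", "sel2005",
               ["From", "To", "Subject", "Date"], now, lifetime=7 * 86400)
    # 1. Relay changes only the envelope RCPT TO: the signature still verifies,
    #    so example.com remains the accountable domain for the replayed copy.
    replayed = verify(sig, headers, body, now + 3600)
    # 2. Relay edits a signed header: verification fails, so the relay must
    #    re-sign or be judged by its connecting IP address instead.
    altered = verify(sig, dict(headers, subject="meeting (fwd)"), body, now + 3600)
    # 3. Waiting for x= leaves the replay valid for the whole seven days ...
    still_valid = verify(sig, headers, body, now + 6 * 86400)
    expired = verify(sig, headers, body, now + 8 * 86400)
    # ... whereas withdrawing the selector key stops every copy at once.
    revoked = verify(sig, headers, body, now + 3600, key_store={})
    return {"replayed": replayed, "altered": altered, "still_valid": still_valid,
            "expired": expired, "revoked": revoked}


if __name__ == "__main__":
    for name, result in replay_scenario().items():
        print(f"{name:12s} {result}")
```

The model omits two details of real DKIM that do not change the point: the DKIM-Signature header is itself included in the signed data with an empty b=, and the key is fetched from DNS rather than a dict. What it does show is that the envelope is outside the signed input, so a replayed copy sent to new recipients is indistinguishable from the original, and that the only lever the signing domain keeps after sending is publication of the selector key.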
