Part of the idea that DKIM seems to propose is that more than one
party can potentially sign a message. For instance, an author
might sign a message, or a list might sign the same message. But
different parties mean different things when they sign the message.
If the author signs a message, it means "I wrote this". If a list
signs a message, it means "I sent this".
But DKIM never gives an assertion of authorship (use PGP or S/MIME
for that). Even if there is a valid signature that is associated
with the origination address, it means "the supposed author's domain
authorized this message".
...which is so vague as to be essentially useless.
If the signature is not vouching for the authenticity of the content,
and it's not vouching for transmission of the message to any particular
recipient, what good is it?
What standard should a domain require before "authorizing" a message?
That it's suitable for any recipient who might somehow find it in his
mailbox? (I doubt it)
Should a domain penalize itself by refusing to "authorize" any message
that might, somehow, end up in the mailbox of someone who didn't want
to receive it (and thus subject such messages to filtering even though
they were sent for a legitimate purpose)? Or should a domain penalize
itself by "authorizing" all mail that it actually intended to send or
resend - even though that may harm its reputation? (For an organization
that sends lots of mail, change "may" to "will".)
Or should an enterprise have multiple domain names, and choose which one
to use as a signer based on the perceived risk to its reputation
associated with having it escape into the wild?
This goes to what we have been very generically calling first-party
and third-party signatures. The original submission of a message
would normally result in a first-party signature from the supposed
author's domain. A mailing list would apply a third-party signature,
which can be distinguished by the fact that i= does not match the
originator's address.
There are lots of reasons why i= might not match the originator's
address, even if the originator actually authored the message.
There are other circumstances where third-party signatures would be
applied as well, but I can't think of why it would be significant
whether the third-party signer is a mailing list, some other
resender, or a greeting card or something.
When evaluating a signature, I think the recipient generally cares about
one of two things: who wrote the message and who sent the message to his
mailbox. The first tells him whether the message is authentic; the
second tells him who to blame for sending him a message that he didn't
want to receive. In the second case, I don't think it matters too much
whether the signer is a mailing list or some other kind of resender -
except that in the case of a mailing list it might not be feasible for
the list to sign "I sent this message to X" for each recipient X.
BTW, a good reason for the local-part on i= is that it if the
original purported author and the mailing list are in the same
domain, it's still possible for the list to apply a signature and not
have it look like a first-party signature.
Is there other significance to signature semantics that is needed
that is not conveyed by the comparison of i= to the originator
address?
Yes. i= does not distinguish between authoring and transmission.
Keith
_______________________________________________
ietf-dkim mailing list
http://dkim.org