ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-23 18:10:56
On August 23, 2005 at 10:09, Ned Freed wrote:

> It seems to me that the underlying disagreement here has to do with the
> term "signature". In DKIM signatures are nothing but a means to an end:
> They provide the means of attaching an accountable identity to a specific
> message.

I am uncertain about the use of the term "accountability".  It opens
up a can of worms on what the levels of accountability will be and
what will be the enforcement policies to ensure accountability.

If the DKIM specification explicitly states that it provides an
accountable identity for a message without mentioning what is
involved for being accountable, then you may get adoption problems.

What DKIM can do is provide a domain-level identity authentication
of domains involved in the transmission of mail.  With a reliable
domain-level authentication framework, more reliable reputation,
accreditation, and other trust-type systems can be developed to deal
with abusive mail practices.  Real accountability is defined by these
trust-type systems, not DKIM.

To better facilitate the functioning of these systems, the role of the
signer should be captured.  Should a forwarder (e.g. college alumni
permanent address service) have the same level of accountability as
the originating domain (the domain that received the initial submission
of a message)?

It may be sufficient to just capture if the signer is doing a "here is
what I saw" signature and an "I'm the originating domain" signature.
This will allow the laying of "blame" more appropriately based upon
the role the signer plays.

Without capturing the role of the signers, entities will be hesitant
to implement DKIM until they know exactly what the accountability
framework is and the level of accountability taken upon the signer.

> Frankly, if there were some other means of performing this sort of
> attachment I would be in favor of using it, because people persist
> in conflating "signatures the cryptographic tool" with "signatures
> as a service". DKIM isn't supposed to provide a general content
> signing service, or a general nonrepudiation service, or any of
> the other myriad things that can be built on top of "signatures the
> cryptographic primitive". The service DKIM provides is the attachment
> of an accountable identity to a specific message. Nothing more and
> nothing less.

What does it exactly mean to be an "accountable identity"?

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
