On Aug 24, 2005, at 6:05 PM, Dave Crocker wrote:

> On Wed, 24 Aug 2005 17:56:55 -0700, Douglas Otis wrote:
>> It is not the SSP statement that is the problem, but confusion about
>> forgery protections.
>
> The concern I was responding to was quite clearly stated and specific
> in its focus.
>
> It had nothing to do with forgery protection, but rather the
> scheduling of work on SSP.

After a lengthy discussion with Scott, it is clear he holds
expectations that DKIM's sole role is protecting the mailbox-domain.
This is expressed within the lead-in phrase "Forgery of headers that
indicate message origin". While the signature of the message may
encompass other headers, there is no assured relationship between the
signing domain and whatever may appear within a header 'assumed' to
indicate a message's origin. The lead-in phrase of the charter is
misleading as it does not speak to those uses where there is no
relationship whatsoever between the mailbox-domains and the
signing-domain. Mailbox-domains and the signing-domains being
different is even likely the typical case.

Assuring that there must be a signature within the message begs the
questions:

- How is the domain selected?
- How many exceptions within the selection process are accommodated?
- What type of disruption and overhead will differentiating
  third-party signatures necessitate?
- When third-party signing authorization checks are skipped, what
  value does DKIM provide?

When the typical case occurs where mailbox-domains and
signing-domains are different, this demands upward tree-walking to find
_possible_ domain-wide assertions which _may_ include lists of
delegated domains for _each_ such message. With this assertion
checking process likely skipped when this added overhead achieves
only minimal protections, there should be some notion of value beyond
the mailbox-domain/signing-domain relationship. This lead-in phrase
for the WG charter could be seen as nonsense, especially when
over-amplified by misperceptions typified by Scott. This weak premise
may be difficult to overcome.

I restated the charter to encompass those _many_ cases where this odd
and problematic assurance of the mailbox-domain is not touted as the
central role. Who knows, mailbox-domain protections at the MTA could
be dropped in favor of much stronger protections made available by
the MUA using information found within merely DKIM signed messages.

-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org
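
The per-message lookup cost raised in the message above, when the mailbox-domain and the signing-domain differ, can be made concrete with a short sketch. This is an added example, not part of the original message or of any DKIM draft. It assumes a placeholder record label (`_policy-placeholder`), treats a signer equal to or a parent of the mailbox-domain as related, stops the walk before the TLD, and reads `d=` without verifying the signature.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder label for a domain-wide assertion record; the message names none.
POLICY_LABEL = "_policy-placeholder"

# Constructed sample: the mailbox-domain and the signing-domain are unrelated.
SAMPLE = (
    "From: Alice <alice@dept.sales.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=sel1;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def signing_domains(msg):
    """Return the d= tag of each DKIM-Signature header (signatures are not verified)."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        pairs = (part.partition("=") for part in value.split(";"))
        tags = {k.strip().lower(): v.strip() for k, _, v in pairs}
        if tags.get("d"):
            found.append(tags["d"].lower())
    return found


def is_related(mailbox_domain, signer):
    """Assumption: a signer equal to, or a parent of, the mailbox-domain counts as related."""
    return mailbox_domain == signer or mailbox_domain.endswith("." + signer)


def tree_walk(mailbox_domain):
    """Names a verifier would query, from the mailbox-domain upward, stopping before the TLD."""
    labels = mailbox_domain.split(".")
    return [POLICY_LABEL + "." + ".".join(labels[i:]) for i in range(len(labels) - 1)]


def assess(raw):
    """Classify the signer relationship and list the per-message policy lookups it implies."""
    msg = message_from_string(raw)
    mailbox_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    if any(is_related(mailbox_domain, s) for s in signers):
        return {"relationship": "related", "signers": signers, "lookups": []}
    relationship = "third-party" if signers else "unsigned"
    return {"relationship": relationship, "signers": signers,
            "lookups": tree_walk(mailbox_domain)}


if __name__ == "__main__":
    print(assess(SAMPLE))
```

For the constructed sample the walk produces three candidate names for a single message, one per level of the mailbox-domain above the TLD.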