Security Role:
DKIM's basic mechanism performs simple message signing for any identity
wishing to be held accountable for the message. The security function performed
by the signing is authentication of that asserted identity.
Your list does not offer the possibility of establishing opportunistic
identity schemes that could based upon the selective binding of signed
message identifiers retained locally.
1. I am pretty sure that I have no idea what you are describing.
2. The description I wrote is intended to cover the existing DKIM specification
and its intent. As nearly as I can tell, you are suggesting some sort of
funtionality that is both theorectical -- hence needing to establish community
need and interest -- and outside the scope of the current effort (so far).
>> The SSP mechanism provides the security function of authorization, to
determine whether the sending of unsigned messages is authorized or prohibited.
This can work in conjunction with a host name as was done with the HELO.
It can work in conjunction with lots of things. Are you suggesting changes to
the text I wrote? To the specifications? To the charter?
There would be an inordinately high overhead associated with attempts to
associate mail-box domain authorizations within third-party signed
messages.
What is the "inordinately high overhead" you are referring to?
--
d/
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
_______________________________________________
ietf-dkim mailing list
http://dkim.org