Doug,
Lead-in problem statement:
,---
| Forgery of headers that indicate message origin is a problem for
users of
| Internet mail.
'---
DKIM is an authentication technique. It authenticate an identity.
Authentication is not needed, unless one is worried about invalid uses of
identities. I think that it is reasonable to call that "forgery".
So the opening statement is factually correct. And it is describes a concern
that is the foundation for pursuing DKIM.
The goal of DKIM.
,---
| The DKIM working group will produce standards-track specifications that
| permit authentication of message headers during transit, using
public-key
| signatures and based on domain name identifiers.
'---
While one could describe signature verification as authenticating the
signature header, this is not addressing the problem statement.
Ensuring that the received headers are the headers that were sent does not
address the problem of forgery?
The fact that DKIM provides a digital signature based on a hash of the message
headers means that, in fact, it is ensuring that any modification to the
headers, after the message is sent, will be detected. Hence, they are
authenticated... With respect to the identity doing the signing.
The
headers which could possibly relate to forgery are _not_ being
authenticated. I find these two statements misleading and not
representative of the DKIM mechanism as currently devised.
I think you are confusing the benefit of closing SOME holes with the desire/need
to close ALL holes. The fact that some forms of forgery are dealt with by DKIM
does not mean it attempts to deal with all forms.
General goals:
...
- Establish accountable domain-specific opaque identifier.
what does domain-specific "opaque" identifier mean? Opaque to who? Compared to
what?
--
d/
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
_______________________________________________
ietf-dkim mailing list
http://dkim.org