ietf-dkim

Re: [ietf-dkim] Purpose and sequence for DKIM specification and deployment

2005-08-29 13:53:46
Hallam-Baker, Phillip wrote:
You are describing a mechanism and explaining what it may accomplish in the narrow terms of the mechanism. This unfortunately has nothing to do with claims made within the charter regarding header authentication.

Lead-in problem statement:
,---
| Forgery of headers that indicate message origin is a problem for
| users of Internet mail.
'---


OK I think we are in agreement here. I think that the charter should be
written in terms of
1) Providing a mechanism whereby an Internet domain name owner can claim
responsibility for an email message

2) Provide a mechanism to allow notification of an Internet domain name
owner's policy for claiming accountability

3) Provide an authentication platform on which TTP providers of
accreditation and/or reputation information can build products that are
tied to a domain name rather than an IP address.

Forgery then falls out of the goals section of the charter, it is simply
an attack that might be attempted.

In saying that, do you think that your #2 policy set includes describing an authorized set of relationships between use of their domain in certain header fields (e.g. From:) and the signing domain?

Also, does DKIM provide an authentication platform or an authorization platform?

Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org