ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Re: dkim service

2005-10-14 01:12:52
from [Amir Herzberg] [Permanent Link] 
Stephen Farrell wrote:



Ned Freed wrote:


Integrity protection is indeed a service, but it isn't the service DKIM
provides. The service DKIM provides is the ability to "assert responsibility for an email message in transit by means of a digital signature." This is how the threats document puts it and while it is not exactly how I'd put it (I prefer the term "accountability" to "responsibility") I'm comfortable with it. 


What do others think of this characterisation of the service dkim is
providing? It'd be good if we did have an agreed term, and these
seem reasonable to me. (I'd also prefer the "accountability" option.)
I agree. In fact, you may want to make signatures only an example, since as argued before, it is a mechanisms not a goal (e.g., in some scenarios a shared key message authentication code may be preferable).
As to accountability vs `assert responsibility`, I think these are dual aspects of the same thing: DKIM signers assert their responsibility for the message, and thereby they become accountable for them. Since DKIM is a service foremost to the signers, I think we should actually use `assert responsibility`, but I definitely am not against using the term `accountability` if there is a better way to use it.
Using signatures just as an example makes it a bit more difficult to express our goal of `no harm` in the sense of putting the DKIM fields in optional header fields... but I think this can be done. 

So a possible opener would end up like (modifying Stephen's last version):

 The DKIM working group will produce standards-track RFCs specifying
how mail agents may assert their responsibility to an email message, e.g. by digital signature, but without requiring any change to, or causing any change in the operation of , other existing mail agents. The responsibility may be limited to (some) 
 message headers as well as (parts of) the message body.

Hope this helps. BTW, I'll be away on vacation (Eilat!) next week.

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: http://AmirHerzberg.com/TrustBar Visit my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame 
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  on multi-signatures (was Re: [ietf-dkim] Re: dkim service, Amir Herzberg
Next by Date:  signature construct (was: Re: [ietf-dkim] DKIM BOF -- draft charter and agenda), Stephen Farrell
Previous by Thread:  Re: [ietf-dkim] Re: dkim service, Jim Fenton
Next by Thread:  Re: dkim service (was: Re: [ietf-dkim] Charter bashing...), Arvel Hathcock
Indexes:  [Date] [Thread] [Top] [All Lists]