ietf-dkim

RE: [ietf-dkim] Re: dkim service

2005-10-14 08:00:53
People should not try to define an interpretation policy in this group.

The mail acceptance policies of some large ISPs are rule based systems
with upwards of 10,000 active rules. The purpose of DKIM is to allow
those systems to make the best choice possible.

The real world is complex. Do not cripple DKIM because you want to
pretend that it is simple.

The examples you state are irrelevant because an ISP is likely to have a
policy that is developed and changed in reaction to the developing and
changing attack. In some cases the ISP will reject because of a 419
domain sig, in others a different policy may be appropriate. 

If you know the order of the signatures the receiver can always decide
to only validate the last signature and use that one.



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R Levine
Sent: Friday, October 14, 2005 12:44 AM
To: Jim Fenton
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: dkim service

OK.  Able is on your whitelist.  Charlie is on your 
blacklist.  Now what?

I'm making this up as I go, but I suppose I would accept the message:
if someone I trust asserts responsibility for the message, that's more
important than the fact that that someone I distrust also asserted
responsibility.

But I could equally well decide that even if a friend of mine 
accidentally signed it, I never ever want any mail from a 
place that is known to send only 419 spam.

I think we have confirmed that none of us really know what 
we'd do with multiple signatures.  Is that a problem, or 
should we just say that we'll try to support them with 
unspecified semantics and hope they turn out to be useful?

Personally, I see the point of a DKIM signature as being that 
you know where to pin the blame, and it's not helpful to 
diffuse that. If it were up to me, I'd decree that when you 
sign a message, you MUST discard all the old signatures 
because you're taking responsibility for it.  I don't care 
how the message got to you, it's your message now.

R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org
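
The receiver policies debated in this thread, as an added example that is not part of either message: it reads the signing domains from a constructed message and shows that the same two signatures give different outcomes under each policy. The policy names, the sample message and the treatment of the topmost DKIM-Signature field as the most recent one are assumptions, and signature verification results are passed in rather than computed.

```python
from email import message_from_string

# Constructed sample: Charlie signed last, so his field is on top (assumption).
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=charlie.example; s=s1;
 h=from:subject; bh=AAAA; b=BBBB==
DKIM-Signature: v=1; a=rsa-sha256; d=able.example; s=k1;
 h=from:subject; bh=CCCC; b=DDDD==
From: someone@able.example
Subject: hello

body
"""

def signing_domains(raw):
    """Return the d= domain of every DKIM-Signature field, most recent first."""
    domains = []
    for value in message_from_string(raw).get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            name, sep, val = part.partition("=")   # b= may itself contain '='
            if sep:
                tags[name.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def decide(domains, verified, trusted, distrusted, policy):
    """Hypothetical receiver policies: trust-wins, distrust-wins, last-signer."""
    # last-signer looks only at the most recently added signature
    candidates = domains[:1] if policy == "last-signer" else domains
    good = [d for d in candidates if d in verified]  # failed signatures count for nothing
    has_trusted = any(d in trusted for d in good)
    has_distrusted = any(d in distrusted for d in good)
    if policy == "distrust-wins":
        return "reject" if has_distrusted else ("accept" if has_trusted else "neutral")
    return "accept" if has_trusted else ("reject" if has_distrusted else "neutral")

if __name__ == "__main__":
    doms = signing_domains(SAMPLE)
    for policy in ("trust-wins", "distrust-wins", "last-signer"):
        verdict = decide(doms, set(doms), {"able.example"}, {"charlie.example"}, policy)
        print(policy, "->", verdict)
```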


