ietf-dkim

Re: [ietf-dkim] over-the-wire (in)compatibility between pre-IETF DKIM and (eventual) IETF DKIM

2005-10-18 16:59:43
This behavior raises a security problem since such
senders will go with policies that lean towards
delivery versus potential security threats.

If I'm understanding you rightly you are arguing against the o=~ or "relaxed" policy provisions in SSP right? I don't view the use of those policies as a security problem. Rather, they are the exercise of deliberate choice on the part of the sender. You said yourself "a primary concern of mail senders is to make sure the mail send out gets delivered" and similarly in another place "senders tend to lean towards delivery at all costs, despite the risks." Is your position that we should deny senders these rights? Remember, it is the more relaxed policy options which you argue against that provide for the exercise of these "primary concerns" while still allowing a signer to assert responsibility. It is not a security problem for DKIM when it asserts "signatures from me can not always be expected". Use of o=- or o=~ is a matter for DKIM signers to decide; it is not a matter for the specification documents to decide. This is my view on this topic.

--
Arvel



_______________________________________________
ietf-dkim mailing list
http://dkim.org
