Re: [ietf-dkim] DKIM charter
2005-11-14 17:05:46
At this stage of the game, with substantial consensus on the current
wording, I think we should be making only small, surgical changes rather
than complete changes in wording.
The ability for the message to be signed by a different domain is
covered by the wording in the first paragraph, "...that allow a domain
to take responsibility, using digital signatures, for having taken part
in the transmission of an email message..."
-Jim
Douglas Otis wrote:
On Nov 14, 2005, at 2:04 PM, Jim Fenton wrote:
Barry,
DESCRIPTION OF WORKING GROUP:
The Internet mail protocols and infrastructure allow mail sent from one
domain to purport to be from another. While there are sometimes legitimate
reasons for doing this, it has become a source of general confusion, as well
as a mechanism for fraud and for distribution of spam (when done
illegitimately, it's called "spoofing").
The parenthetical seems to be a bit misplaced, and might fit better
to the use of the word "legitimate". This might read more easily if
broken into two sentences.
Considering the potential for this statement to be in conflict with
existing practices, perhaps much of the otherwise difficult
justifications can be avoided by restating the intended goals of the
working group. For example, it should be perfectly legitimate for
the From to be signed by a different domain. Otherwise, the
resulting disruptions will likely prevent DKIM deployment. Even
adding just a Sender header has been problematic. How about:
----
Verifying a domain accountable for a message is a problem for users
of Internet mail when deciding whether to accept messages. DKIM
verifies a signing domain name that serves as a basis for trusting
the selected content and headers within a message. The DKIM working
group will produce standards-track specifications that permit
authentication of a domain name associated with the message using
public-key signatures and based upon domain name identifiers. This
specification will also verify that the selected content and headers
were not changed subsequent to the signature.
In special cases, the accountable domain may wish to assure the
recipient that all messages having an originating email-address
within this domain will be signed by the domain. This assurance is
to abate spoofing that has become common for some types of
transactional email. This assurance will be in conflict with current
practices where the purported author is not associated with the
signing-domain. To prevent undue conflict and disruption, the lack
of originating email-address assurances must be considered normal and
fully acceptable, and partial assurances should never be used.
----
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org