ietf-dkim

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-18 11:06:42

On Nov 18, 2005, at 7:45 AM, Michael Thomas wrote:

> Douglas Otis wrote:
>> The problem related to a correlation of the signing-domain with that of the email-address represents a general loss of freedom
>
> That's entirely intentional; this is a feature, not a bug. Frankly,
> I don't know how you can prevent receivers from making this sort of
> association unless you're saying we shouldn't do DKIM at all.
>
> And the title of this thread is bogus.

Consider an alternative that provides the same effect, but without having to directly authorize anything. Saying someone can authorize third-party signers would be at their peril, when not allowing third-party signers is considered to provide greater protection. There are already schemes in place that will hold the email-address domain owners accountable for junk their "authorization" permitted. It will not take very long for there to be only this option available, except that it breaks things. :(

An alternative would be to use binding recognition. Some of this can be done at the MTA and provide the same effect as the 'o=!' policy. This should not be difficult for "high-value" domains to meet the requirements for automatic bindings. Binding recognition done at the MUA allows for alerts on items that appear as possible spoofs of important correspondents. These important correspondents would have bindings retained upon request or, in some cases, automatically. This would mean domain owners can breathe more freely about look-alike domains being a problem and wondering what puny-code will do to their customers' trust of the system. This is the reason for the title of the thread and I don't think it is a bogus concern.

A good aspect of this binding approach is the signing-domain is the only entity being trusted. The signing-domain is the entity that can take corrective action. The signing-entity should be held accountable for problems. Never should the email-address be considered the trusted entity or held accountable. We both arrive with a similar feature set, but where the signing-domain is clearly in charge.

Consider how this can work. The binding approach offers some interesting features not possible with an out-of-band policy approach, while at the same time getting rid of the eye-test.

-Doug


_______________________________________________
ietf-dkim mailing list
http://dkim.org
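
One way to read the binding recognition described in the message above, as an added Python example (not part of the original post and not code from the DKIM effort): an MUA retains address-to-signing-domain bindings and alerts when a retained correspondent arrives under a different signer or when a new address merely looks like a retained one. Assumptions: the signing domain passed in is the d= value of a signature that has already verified; the function names, verdict labels, the small confusable table and all sample addresses are constructed for illustration.

```python
# Added illustration. All names, labels and sample data here are hypothetical.
# Tiny constructed confusable table (not the full Unicode confusables data).
CONFUSABLE = str.maketrans(
    {"\u0430": "a", "\u0435": "e", "\u043e": "o", "0": "o", "1": "l"})

def skeleton(address):
    """Reduce an address to a rough visual form so look-alikes compare equal."""
    local, _, domain = address.lower().rpartition("@")
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # already Unicode or not valid IDNA: compare as given
    return f"{local}@{domain}".translate(CONFUSABLE)

def retain(bindings, from_addr, signing_domain):
    """Retain a binding on user request, after the signature has verified."""
    bindings[from_addr.lower()] = signing_domain.lower()

def classify(from_addr, signing_domain, bindings):
    """Verdict for one message; signing_domain is None when nothing verified."""
    addr = from_addr.lower()
    signer = (signing_domain or "").lower()
    if addr in bindings:
        # The retained signer is what is trusted, not the look of the address.
        return "recognized" if bindings[addr] == signer else "signer-mismatch"
    shape = skeleton(addr)
    if any(skeleton(known) == shape for known in bindings):
        return "possible-spoof"  # resembles a retained correspondent
    return "unbound"

# Constructed sample store. The second entry binds an address to a signer in
# a different domain, which needs no published authorization policy.
BINDINGS = {}
retain(BINDINGS, "alerts@bank.example", "bank.example")
retain(BINDINGS, "alice@lists.example.org", "esp.example.net")

# Constructed look-alike: Cyrillic U+0430 in place of Latin "a", as puny-code.
LOOKALIKE_DOMAIN = "b\u0430nk.example".encode("idna").decode("ascii")
LOOKALIKE = "alerts@" + LOOKALIKE_DOMAIN

if __name__ == "__main__":
    for addr, signer in [("alerts@bank.example", "bank.example"),
                         ("alerts@bank.example", "mailer.example.com"),
                         (LOOKALIKE, LOOKALIKE_DOMAIN)]:
        print(addr, signer, classify(addr, signer, BINDINGS))
```

The look-alike message is flagged even though its own signature verifies, because the comparison is against retained bindings rather than against how the address reads.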
