On Nov 18, 2005, at 7:45 AM, Michael Thomas wrote:
Douglas Otis wrote:
The problem related to a correlation of the signing-domain with
that of the email-address represents a general loss of freedom
That's entirely intentional; this is a feature, not a bug. Frankly,
I don't know how you can prevent receivers from making this sort of
association unless you're saying we shouldn't do DKIM at all.
And the title of this thread is bogus.
Consider an alternative that provides the same effect, but without
having to directly authorize anything. Saying someone can authorize
third-party signers would be at their peril, when not allowing third-
party signers is considered to provide greater protection. There
are already schemes in place that will hold the email-address domain
owners accountable for junk their "authorization" permitted. It will
not take very long for there to be only this option available, except
that it breaks things. : (
An alternative would be to use binding recognition. Some of this can
be done at the MTA and provide the same effect as the 'o=!' policy.
This should not be difficult for "high-value" domains to meet the
requirements for automatic bindings. Binding recognition done at the
MUA allows for alerts on items that appear as possible spoofs of
important correspondents. These important correspondents would have
bindings retained upon request or, in some cases, automatically.
This would mean domain owners can breath more freely about look-alike
domains being a problem and wondering what puny-code will do to their
customer's trust of the system. This is the reason for the title of
the thread and I don't think it is a bogus concern.
A good aspect of this binding approach is the signing-domain is the
only entity being trusted. The signing-domain is the entity that can
take corrective action. The signing-entity should be held
accountable for problems. Never should the email-address be
considered the trusted entity or held accountable. We both arrive
with a similar feature set, but where the signing-domain is clearly
in charge.
Consider how this can work. The binding approach offers some
interesting features not possible with an out-of-band policy
approach, while at the same time gets rid of the eye-test.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org