,---
| 1. Introduction
| ...
| Once the attesting party or parties have been established, the
| recipient may evaluate the message in the context of additional
| information such as locally-maintained whitelists, shared reputation
| services, and/or third-party accreditation. The description of these
| mechanisms is outside the scope of this effort. By applying a
| signature, a good player enables a verifier to associate a positive
| reputation with the message, in hopes that it will receive
| preferential treatment by the recipient.
'---
As related to the goals established within the introduction, perhaps
there could be a section on issues related to the establishment of
trust based upon the DKIM signature. This added section could deal
with issues related to MUA keys, or a population of users within a
domain where it is not practical to implement a level of vetting
needed to retain trust (a positive reputation). This issue of trust
is important, as perhaps the only _safe_ indication that can be
conveyed to the recipient would be whether the domain has a
trustworthy reputation.
An indication that an email-address is within a signing-domain can be
obtained by any bad actor. Reliance upon a "within the signing-
domain" indication necessitates perilous examinations of the email-
address and knowledge of the domain name hierarchy. Conversely,
marking a message as "trustworthy" based upon the reputation of the
signing-domain could not be obtained by any bad actor and does not
require careful examination of the email-address. There could be
standards established for trustworthy lists where the signing domain
must also have a CA Certificate suitable for commerce, for example.
A message being marked as Trustworthy should require two elements:
- Good Reputation of the signing-domain's trustworthiness
- Specific assertion by the signing-domain the message is trustworthy
This added signing-domain assertion could enable key personnel within
the domain to send critical communications marked as trustworthy to
users within the domain. However, untrusted
users within the domain (perhaps using a free email account) could
(and should) be excluded from having their messages marked as
trustworthy. This would shield these domains from the actions of
poorly vetted users, while still retaining an ability to have
critical messages receive a "trustworthy" marking. Large
institutions may also desire a means to segregate messages from
contractors or temporary workers to further ensure their trustworthy
reputation is protected. Perhaps users with a delegated private key
within their MUA would be excluded from receiving a trustworthy
marking due to the prevalence of compromised systems. The signing-
domain assertion of trustworthiness could be a binary flag within the
DKIM Key, for example.
It is not practical to attempt to compile reputations for an
unlimited number of email-addresses or message signatures. However,
allowing domains to exclude less trustworthy users, independent of
the email-address, would allow a simple list of trustworthy domains
to be maintained. The same email-address may be trustworthy when
signed by the MSA, but not when signed by the MUA, for example.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
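Added example, not part of Doug's post or of any DKIM implementation: a toy verifier-side policy that models the two-element "trustworthy" test above on top of RFC 6376 tag=value syntax. Everything beyond the tag-list format is an assumption: the signing-domain assertion is modelled as a hypothetical flag letter "a" in the key record's "t=" tag (RFC 6376 requires unrecognized flags to be ignored, so an unaware verifier would just skip it); the trusted-domain list is a local set; DNS is replaced by a constructed in-memory table; and the signature is assumed to have already verified cryptographically, which is out of scope here. The key records and DKIM-Signature values are constructed sample data with placeholder key and signature bytes.

```python
"""Toy verifier policy for a "trustworthy" marking built from two elements:
a locally trusted signing domain plus an assertion in that domain's key record.

Added example: not code from the ietf-dkim thread or any DKIM library.
Hypothetical pieces: the "a" flag in "t=", the local trusted-domain set,
the in-memory stand-in for DNS, and the already-verified-signature assumption.
"""


def parse_tag_list(text):
    """Parse an RFC 6376 tag=value list ("k=v; k2=v2") into a dict.

    Whitespace around tags and values is stripped, and folding whitespace
    inside a value (as in a wrapped p= or b=) is removed. An empty value
    (e.g. "p=") is kept as "" because an empty p= means a revoked key.
    """
    tags = {}
    for item in text.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            raise ValueError("malformed tag: %r" % item)
        name, value = item.split("=", 1)
        tags[name.strip()] = "".join(value.split())
    return tags


def key_asserts_trustworthy(record_text):
    """True if a usable DKIM1 key record carries the hypothetical 'a' flag."""
    tags = parse_tag_list(record_text)
    # v= is optional in key records, but if present it must be DKIM1.
    if tags.get("v", "DKIM1") != "DKIM1":
        return False
    # A missing or empty p= is a revoked key; never honour its assertion.
    if not tags.get("p"):
        return False
    flags = tags.get("t", "").split(":")
    return "a" in flags


def classify(signature_header, key_records, trusted_domains):
    """Return a marking for a message from its DKIM-Signature header value.

    Only the signing domain (d=) and the key it names (s=) are consulted.
    The author address (From:) is deliberately never inspected: the marking
    is a property of the signing domain, not of the email-address.
    """
    if not signature_header:
        return "no-signature"
    sig = parse_tag_list(signature_header)
    domain = sig.get("d", "").lower()
    selector = sig.get("s", "")
    if not domain or not selector:
        return "malformed-signature"
    # Element 1: the signing domain must be on the local trusted list.
    if domain not in trusted_domains:
        return "signed-untrusted-domain"
    # Element 2: the key actually used must carry the domain's assertion.
    record = key_records.get("%s._domainkey.%s" % (selector, domain))
    if record is None:
        return "key-unavailable"
    if not key_asserts_trustworthy(record):
        return "signed-no-assertion"
    return "trustworthy"


# Constructed sample data (assumptions, not real DNS or real signatures).
TRUSTED_DOMAINS = {"example.com"}

KEY_RECORDS = {
    # MSA key: the domain asserts trust for messages it signs with this key.
    "msa._domainkey.example.com": "v=DKIM1; k=rsa; t=a; p=PUBKEY_MSA",
    # Key delegated into a user's MUA: no assertion, so no "trustworthy" mark.
    "mua._domainkey.example.com": "v=DKIM1; k=rsa; p=PUBKEY_MUA",
    # A domain that sets the flag but is not on the local list gains nothing.
    "s1._domainkey.freemail.example": "v=DKIM1; k=rsa; t=a; p=PUBKEY_FREE",
}

SAMPLE_SIGNATURES = {
    "msa": "v=1; a=rsa-sha256; d=example.com; s=msa; h=from:to:subject; bh=BH; b=SIG",
    "mua": "v=1; a=rsa-sha256; d=example.com; s=mua; h=from:to:subject; bh=BH; b=SIG",
    "freemail": "v=1; a=rsa-sha256; d=freemail.example; s=s1; h=from:to; bh=BH; b=SIG",
}


def demo():
    """Classify each constructed sample; same address, different outcomes."""
    return {name: classify(sig, KEY_RECORDS, TRUSTED_DOMAINS)
            for name, sig in SAMPLE_SIGNATURES.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-9s %s" % (name, result))
```

The "msa" and "mua" samples could carry the very same From: address; the policy never looks at it, so the message is marked trustworthy only when signed with the key the domain has vouched for, which is the MSA/MUA distinction the post describes. The "freemail" sample shows that a domain setting the flag on its own key gets nothing unless it is also on the verifier's trusted list.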