ietf-dkim

Re: [ietf-dkim] Re: New Issue: Threat-00 Limiting the scope of trust

2006-02-14 16:18:21

On Feb 14, 2006, at 2:17 PM, Hector Santos wrote:

Verifying the HELO would be analogous to checking a wax seal on an envelope.

First, "Wax Seals" are user based and optional. The HELO Client Domain Names (CDN) are not.

A verifiable HELO is optional.

Second, the HELO CDN would be more analogous to the postal service postmarks indicating the time of processing, postal office, location, etc, that handled the processing and delivery of the parcel.

Verification of the HELO in conjunction with an association to the signing-domain is a means to discern the integrity of the message envelope. Both the HELO and signing-domain are not related to a third-party identification akin to that of a post-office postmark. The trust established by DKIM is for the prefatory domain, independent of the message envelope or any email-address. A verified HELO associated with the signing-domain provides an assurance the message envelope has been obtained first-hand, and thus has not been altered (analogous to the wax seal).


The realistic fact is that most people don't bother to look at it, or if they did, probably couldn't make heads or tails of the information; it is extremely close, if not exactly equivalent, to how worthless the SMTP client domain name has become today.

A DKIM signature increases the value of a verified HELO, and conversely, a verified HELO increases the value of a DKIM signature. Delayed acceptance as a practical strategy might also offer motivation for ensuring the HELO can be verified and associated with a signing-domain.


To put trust behind it (HELO), it would be akin to having the same trust when using registered or certified mail. Without it, having the postmarks won't tell you how many "hands" outside the postal service touched the letter.

An association of the HELO with that of the signing-domain indicates the message envelope is being obtained first-hand. The HELO is not analogous to a postmark; the Received header added by a recipient would provide a better comparison to a postmark.

-Doug
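One way to evaluate the association Doug describes, as an added example that is not part of the thread: it takes the HELO name from the recipient's own Received header (the "postmark" in the analogy) and tests whether it falls within the DKIM signing domain (d=). The DNS-based verification of the HELO itself is assumed to have been done by the receiving MTA and is passed in as a flag; the message, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string
from typing import Optional

# Constructed sample (not a message from the list thread). The first Received
# header is the one the recipient MTA itself added, so its "from" clause is
# the HELO name that MTA was actually given; d= is the DKIM signing domain.
SAMPLE_MSG = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP id abc123\n"
    "\tfor <user@example.org>; Tue, 14 Feb 2006 16:18:21 -0800\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel;\n"
    "\th=from:to:subject; bh=placeholder; b=placeholder\n"
    "From: sender@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def helo_from_received(received: str) -> Optional[str]:
    """Return the HELO name from a Received header's 'from <helo>' clause."""
    m = re.match(r"from\s+([^\s(;]+)", received.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None

def signing_domain(dkim_signature: str) -> Optional[str]:
    """Return the d= tag of a DKIM-Signature header, or None if absent."""
    for tag in dkim_signature.split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip().lower() == "d":
            return value.strip().lower()
    return None

def helo_within_domain(helo: str, domain: str) -> bool:
    """True if helo equals domain or is a subdomain of it (label boundary)."""
    helo, domain = helo.lower().rstrip("."), domain.lower().rstrip(".")
    return helo == domain or helo.endswith("." + domain)

def envelope_first_hand(raw_message: str, helo_verified: bool) -> bool:
    """The condition from the post: a verified HELO within the signing domain.

    helo_verified is the result of the DNS-based HELO check, assumed to have
    been done by the receiving MTA; this function only tests the association.
    """
    if not helo_verified:
        return False
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    helo = helo_from_received(received[0]) if received else None
    domain = signing_domain(msg.get("DKIM-Signature", ""))
    return bool(helo and domain and helo_within_domain(helo, domain))
```

An unverified HELO fails regardless of how it matches, since the association alone says nothing about who actually presented the name.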



_______________________________________________
NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html