ietf-dkim

Re: [ietf-dkim] Concerns about DKIM and mailing lists, etc.

2006-03-16 10:26:26
Dave Crocker wrote:
That is flat out wrong. We are right at this moment rolling out our
implementation of DKIM at Cisco. We have no local database. We are
getting utility out of DKIM by insuring our users to some degree
that the From address/domain that they see can or cannot be trusted to
the degree that DKIM makes that trustworthy. Y! and now Gmail from
what I hear are doing the same.

It sounds as if you are imparting more requirements on the phrase "some database" than the term has on its own.

You just described a database of one entry, with a very specific *additional* semantic. This a) requires listing the domain name(s) to be assigned the semantic, and b) the semantic that goes with this. This all goes far beyond the DKIM base specification.

You've deleted the key word: "local". We have no local database.
We're just using the SSP semantics as defined today. There are
no "additional semantics"; they're just the semantics of SSP.

And, as I've raised many times, I do not understand the compulsion to preserve a signature for a message that is re-posted by an automaton user agent, when there is no equivalent expectation of preservation, for a message that is manually re-posted -- such as when I forward a message on to someone else. The architectural role is the same. The semantics are the same.


This is flat out wrong too. When you forward, you change the From:
address. Mailing lists do not. Therein lies the problem: they are
indistinguishable from random spoofers.

You have confused some details that are different -- some of the time -- with DKIM requirements. Worst is that those requirements are not in the base specification.

I can see that you're equivocating about "base". I've never claimed
that it was -base alone. It's -base in conjunction with -ssp. And
you still haven't refuted my point. Both you and John would do well
to actually get some real-life experience here.

With respect to the point that I was making, there seems to be no concern whether manual re-posting breaks a signature, but a great deal of concern when that re-posting is by a user-level automaton.

It has _nothing_ to do with humans and automatons. It has
to do with the purported From: address; mailing lists that
mangle messages are indistinguishable from any miscreant that might
want to spoof your From: address, human or otherwise. I don't
know how to make this more clear, but I'm not sure that it
matters since actual experience seems to count for little to
you.

                Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
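
An added illustration, not part of the original message or of any DKIM implementation: a verifier's view of the four cases argued over in this thread (direct delivery, a list that appends a footer, a spoof, and a manual forward that changes From:). It models only the body hash with "simple" canonicalization, not the full header signature; the `SIGNS_ALL` table, the domains, the message bodies and the result labels are constructed stand-ins for an SSP lookup.

```python
import base64
import hashlib

# Constructed stand-in for an SSP lookup (assumption):
# True means "this domain says it signs all of its mail".
SIGNS_ALL = {"example.com": True, "forwarder.example": False}

def simple_body_canon(body: bytes) -> bytes:
    """'simple' body canonicalization: strip trailing empty lines and
    end with exactly one CRLF (an empty body becomes a single CRLF)."""
    lines = body.split(b"\r\n")
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in a bh= tag."""
    digest = hashlib.sha256(simple_body_canon(body)).digest()
    return base64.b64encode(digest).decode()

def verifier_view(from_domain, sig, body):
    """sig is None or a (signing_domain, bh) pair from a DKIM-Signature.
    Result labels are hypothetical, not terms from the drafts."""
    if sig and sig[0] == from_domain and sig[1] == body_hash(body):
        return "pass"
    # No usable signature for the From: domain, so its policy decides.
    return "suspicious" if SIGNS_ALL.get(from_domain, False) else "no-claim"

# Constructed sample messages.
ORIGINAL = b"Quarterly numbers attached.\r\n"
FOOTER = b"_______________\r\nNOTE WELL: list rules apply\r\n"
SIG = ("example.com", body_hash(ORIGINAL))  # computed at signing time

def demo():
    return {
        # Unmodified delivery: hash matches, From: domain matches.
        "direct": verifier_view("example.com", SIG, ORIGINAL),
        # List keeps From: but appends a footer, so the hash no longer matches.
        "via_list": verifier_view("example.com", SIG, ORIGINAL + FOOTER),
        # Unsigned message claiming the same From: domain.
        "spoof": verifier_view("example.com", None, b"Pay this invoice.\r\n"),
        # Manual forward: From: is now the forwarder's own domain.
        "manual_forward": verifier_view(
            "forwarder.example", SIG, b"FYI:\r\n" + ORIGINAL),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} {result}")
```
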
