ietf-dkim

Re: [ietf-dkim] Proposal for specifying syntax and semantics for multiple signatures

2006-04-03 07:21:38

----- Original Message -----
From: <Bill(_dot_)Oxley(_at_)cox(_dot_)com>


The new found unchecked DKIM junk will always be with us.

And if DKIM is expected to be adopted, those new found unchecked DKIM junk
numbers are expected to be high.   It's quite simple:

  DKIM-BASE RULE:

  - Mail Has DKIM-Signature Header:

        VALID   -->  PASS TEST
        INVALID -->  IGNORE/CONTINUE

  - Mail has no DKIM-Signature Header:

        CONTINUE

So you have two types of continues:

    CONTINUE-DKIM-FAILURE
    CONTINUE-LEGACY

Our problem in the SMTP industry is that we cannot make heads and tails
with legacy operations.

DKIM helps raise the bar. It's a new level of expectations. If a message has
a "purported" signature, albeit a failed one, this is not a LEGACY
operation.  This would be a new era of incredible and valuable information
that can be used to help protect the exploitation of domains. In short, it
is fundamentally illogical to suggest in the SMTP world:

   CONTINUE-DKIM-FAILURE is equal to CONTINUE-LEGACY

DKIM base is not about determining acceptance policy, it's about
identification of where the mail was handled last.

So it's a TRACE system now?

SSP is an authentication methodology, not part of the base.

Hmmm I believe the technical model is closer to:

 1) DKIM is an Authentication concept because it helps validate
    the integrity of the message object.

 2) SSP is a DKIM signature Authorization policy concept.

The DNS server is your public central server. The idea is that the bad guy
does not have WRITE/DELETE access to your DNS KEYS.  It has only READ
ACCESS.  Having WRITE/DELETE access would be a protocol flaw or threat.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
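
Added example, not part of the original message: a receiver-side sketch of the three outcomes named above (PASS, CONTINUE-DKIM-FAILURE, CONTINUE-LEGACY) that handles several DKIM-Signature headers and keeps the purported d= domains when every signature fails. The verify hook, the sample messages and the selector names are constructed assumptions; real verification needs the DNS key lookup and the cryptographic checks.

```python
import re
from email import message_from_string

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list; whitespace inside values is dropped."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def classify(raw_message, verify):
    """Return (state, domains) for one message.

    verify(tags) -> bool is an assumed hook standing in for real signature
    verification (public key fetched from DNS, then hash and signature checks).
    """
    msg = message_from_string(raw_message)
    sigs = [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    if not sigs:
        # No signature at all: indistinguishable from pre-DKIM mail.
        return "CONTINUE-LEGACY", []
    valid = [s.get("d", "") for s in sigs if verify(s)]
    if valid:
        return "PASS", valid
    # Signed but nothing verified: keep the purported signer domains so later
    # stages can treat this differently from legacy mail.
    return "CONTINUE-DKIM-FAILURE", [s.get("d", "") for s in sigs]

def fake_verify(tags):
    """Constructed stand-in: only the selector named 'good' verifies."""
    return tags.get("s") == "good"

# Constructed sample messages (signature data is placeholder text).
LEGACY = "From: a@example.com\nSubject: hi\n\nbody\n"
FAILED = ("DKIM-Signature: v=1; d=example.net; s=bad;\n b=AAAA\n"
          "From: a@example.net\n\nbody\n")
MULTI = ("DKIM-Signature: v=1; d=list.example.org; s=bad; b=BBBB\n"
         "DKIM-Signature: v=1; d=example.com; s=good;\n b=CC CC\n"
         "From: a@example.com\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("LEGACY", LEGACY), ("FAILED", FAILED), ("MULTI", MULTI)):
        print(name, classify(raw, fake_verify))
```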





_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
