On Apr 26, 2006, at 12:32 PM, J.D. Falk wrote:
> On 2006-04-25 08:51, Douglas Otis wrote:
>> Well vetted sources can be indicated by the signer with some type
>> of notation or semaphore.
> So, the signer -- who is most often the sender -- indicates to the
> receiver whether or not the message is trustworthy?
This is making these assumptions:
1) A list of well-known and trustworthy domains can be compiled and
freely distributed.
2) Few well-known domains are comprised exclusively of only well
vetted sources.
3) A recipient cannot reliably recognize email-addresses.
4) Trust is not easily managed at the email-address.
Assume MUA clients offer an ability to annotate messages based upon
the DKIM signature. A signed message from a major service provider
will not offer much in the way of trust. Millions of poorly vetted
users will have their messages signed by this well-known domain. The
same problem exists to a lesser degree when temporary workers obtain
email-addresses within well-known institutions. When both halves of
the email-address (right and left) are internationalized, the
recipient will also be unable to recognize the email-address due to
extensive character repertoires available allowing many look-alikes.
Keep the list of well-known domains manageable. Such a list should
comprise the majority of critical transactional messages a recipient
would normally see. Without a means to differentiate internal
sources, this list of well-known domains will become significantly
diffused (expanded) when either hyphenated or sub-domain names are
utilized to differentiate the source being trusted. When splitting
the domain, the domain-name a provider may wish to have trusted would
in fact not be well-known. This bifurcation of domains, for purposes
of re-establishing trust, will dilute brand recognition, confuse
consumers, and play into the hands of phishers. For example, a
provider "bigisp.com" might send administrative messages from either
"bigisp-inc.com" or "admin.bigisp.com". Their customers should be
wary of accepting these alternative, less known domains as more
trustworthy.
Being able to differentiate better vetted sources _within_ the
well-known domain restores a level of trust when messages are both
signed by the well-known domain, and also marked as restricted (either
transactional or administrative). This assumes the well-known domain
protects this trust by limiting access to these special keys (denoted
by special selectors). The well-known service provider or
institution could have their administrative or transactional messages
obtain a trust annotation, without fearing one of their millions of
customers or less trustworthy employees will spoof other customers by
sending a hazardous message asking to apply a browser plug-in, for
example.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
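The annotation rule Doug describes, as an added illustration that is not part of the thread and not anyone's deployed code: a receiver's MUA grants a trust annotation only when the DKIM-Signature names a domain on an exact-match list of well-known domains (d= tag) AND uses a selector (s= tag) that domain has reserved for a restricted transactional or administrative stream. The policy table, the selector names "admin2006" and "txn2006", and the sample header fields are constructed for the example; the thread supplies only "bigisp.com", "bigisp-inc.com" and "admin.bigisp.com". Cryptographic verification is assumed to have happened already and is passed in as a boolean.

```python
"""Selector-based trust annotation for DKIM-signed mail (illustrative)."""
import re
from typing import Dict

# Constructed policy (assumption): exact well-known signing domains, each with
# the selectors it reserves for restricted streams.  Look-alike and hyphenated
# or sub-domain variants are deliberately absent, so they never match.
WELL_KNOWN: Dict[str, Dict[str, str]] = {
    "bigisp.com": {"admin2006": "administrative", "txn2006": "transactional"},
}


def parse_dkim_tags(header_value: str) -> Dict[str, str]:
    """Split a DKIM-Signature field body into its tag=value pairs.

    Folding whitespace inside values is removed; the first '=' separates the
    tag name from its value so base64 padding in b= survives intact.
    """
    tags: Dict[str, str] = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip().lower()] = "".join(value.split())
    return tags


def annotate(header_value: str, verified: bool) -> str:
    """Return the annotation an MUA would display for one signed message.

    `verified` is the outcome of the cryptographic DKIM check, done elsewhere;
    an unverified signature gets no annotation regardless of its tags.
    """
    if not verified:
        return "none: signature did not verify"
    tags = parse_dkim_tags(header_value)
    d = tags.get("d", "").lower()
    s = tags.get("s", "").lower()
    restricted = WELL_KNOWN.get(d)          # exact match only, no suffix logic
    if restricted is None:
        return "none: %s is not a well-known domain" % (d or "<no d= tag>")
    stream = restricted.get(s)
    if stream is None:
        # Signed by the well-known domain, but with an ordinary key that any
        # of its millions of customers could have used: no extra trust.
        return "signed-by-well-known: %s (unrestricted selector %s)" % (d, s)
    return "trusted-%s: %s (restricted selector %s)" % (stream, d, s)


# Constructed sample DKIM-Signature field bodies (bh= and b= values are dummies).
ADMIN_MSG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=bigisp.com; s=admin2006;\r\n"
             "\th=from:to:subject:date; bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==")
CUSTOMER_MSG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=bigisp.com; s=mail;\r\n"
                "\ti=customer@bigisp.com; h=from:to:subject; bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==")
LOOKALIKE_MSG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=bigisp-inc.com; s=admin2006;\r\n"
                 "\th=from:to:subject; bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==")
SUBDOMAIN_MSG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=admin.bigisp.com; s=admin2006;\r\n"
                 "\th=from:to:subject; bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==")

if __name__ == "__main__":
    for label, hdr in [("admin", ADMIN_MSG), ("customer", CUSTOMER_MSG),
                       ("lookalike", LOOKALIKE_MSG), ("subdomain", SUBDOMAIN_MSG)]:
        print("%-10s %s" % (label, annotate(hdr, True)))
    print("%-10s %s" % ("unverified", annotate(ADMIN_MSG, False)))
```

The point of the exact-match lookup is the one made in the message: "bigisp-inc.com" and "admin.bigisp.com" fall off the list, so the provider keeps "bigisp.com" as the only name customers need to recognize, and the selector, not the domain, carries the distinction between its restricted streams and its customer mail.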