ietf-dkim

Re: [ietf-dkim] r= for instilling good domain-name practices

2006-05-01 11:46:04

On Apr 29, 2006, at 4:23 PM, John R Levine wrote:

>> The text for the r= parameter indicated that as the number increases, the recommended annotation levels made by the signer also increase.

> Indeed, but we still have no idea how that translates into making a reputation decision.

The r= parameter would allow the signer to assist the recipient in distinguishing between well vetted and poorly vetted sources. Without this parameter, or a similar mechanism, the use of different signing-domains would be needed to make such distinctions. The use of different domains represents a very bad practice that would further enable message spoofing. The increased use of similar domain names would erode the recipient's ability to recognize who they are trusting. The r= parameter permits a consolidation of sources having various levels of vetting, while still permitting the signer to offer guidance on which sources have undergone minimal vetting and retain trust for select sources.

Even when "trust" annotations are limited to signing-domains trusted by the recipient, the recipient should also be able to exclude messages from receiving "trust" annotations when the signer also warns that the source has not been well vetted. Having a mechanism for the signer to indicate which messages are from well vetted sources overcomes risks associated with the recipient's inability to recognize purported originating email-addresses contained within the message.

Message annotation will become critical when international domain names and local-parts are commonly used. DKIM does not require that signers exclude messages because an email-address domain is different from that of the signing-domain. It should also be acceptable that a trusted signing domain differs from that of an email-address contained within the message.


>> The assurance being made by the signer has _nothing_ to do with reputation. This r= parameter relates to annotation recommendations made by the signing domain for a particular message.

> Oh, in that case, I have no interest in r values less than infinity, and I don't think anyone else should, either. If a signer isn't prepared to take responsibility for the mail they sign, they have no business signing it.

A signer can be highly responsible and _still_ sign messages from poorly vetted sources. Otherwise, most email could not be signed. A signer indicates who is accountable and who should disable abusive accounts when abuse is reported. A signing domain may be very responsible, and yet sign messages from poorly vetted sources. The r= parameter permits these responsible domains to sign "trusted" messages and to also sign less trustworthy messages. It is not practical to consider that all signed messages represent a uniform level of trustworthiness, or that the recipient can distinguish purported originating email-addresses. The need for trust is important, especially when some messages request various actions that would be highly dangerous when acted upon from less trustworthy sources. Annotation is already required to assist the recipient in distinguishing which messages are signed. This same annotation can also warn when the source of the message has been poorly vetted by the signer.

How can a responsible signing domain better protect their recipients than by using an r= parameter?

-Doug



