On May 1, 2006, at 12:00 PM, John L wrote:

>> The r= parameter would allow the signer to assist the recipient in
>> distinguishing between well vetted, and poorly vetted sources.
>
> Only if the recipient has some extra info about what meaning a
> particular signer gives to its r= codes, which in general will not
> be the case. Or if the recipient does know something extra about
> the signer, they can make any private arrangements they want, so
> there's no need to put anything in a standard.

Okay, 0-9 may be far too many to arrive at a well understood
interpretation. Following the example of the x-priority header, also
used ubiquitously for message annotation, three levels seems a basic
minimum.

The default assignment when r= is not included would be r=1
(normal). An r=0 (low) level serves as a warning by the signer that
the source or the content of the message has not been fully vetted.
Alternatively, an r=2 (high) level indicates that both the source and
the content of the message have been well vetted. When the signing
domain is trusted, the recipient may better rely upon information
within the message when the signer also offers an increased reliance
level. Conversely, the signer offering a lowered reliance level
could serve as a necessary warning.

0= low
1= normal (default)
2= high

: The r= parameter is assigned by the signer a value of
: 0-2, where 1 is the default, which recommends a normal
: reliance level be assigned the message for purposes of
: annotation. An annotation of level 0 is to warn the
: recipient to place less reliance upon the information
: contained within the message. An annotation level of 2
: indicates a higher level of reliance can be placed upon
: the information contained within the message.
:
: To ensure control in the case of MUA signing, the r=
: parameter in the signature MUST always be less than or
: equal to the key r= level. When there is no r=
: parameter found in the key, the highest r= parameter
: allowed in the signature would be r=1. When there are
: no r= parameters found within the signature, r= defaults
: to a level of 1. In an instance where the key r=
: parameter is less than that of the signature, the
: signature is invalid.

The signature provides an accountable domain when abuse is detected.
When the signature encompasses a range of sources where some are
poorly vetted, the signature, by itself, can not impart any
additional level of trust, nor is it reasonable to expect recipients
to recognize or independently vet email-addresses contained within
messages. Elevated reliance upon an email-address above that of the
signing-domain would require several unsafe and unverifiable
assumptions.

For example, an ISP may sign all messages. When those messages are
not authenticated from known good accounts, the provider may wish to
warn recipients by asserting an r=0. When the ISP wishes to
recommend actions that might be considered dangerous when from
untrustworthy sources, the ISP may wish to offer an r=2 to assure
their customers that acting upon the information should not be
considered a security risk. The ISP may also caution customers not
to act on account or system related requests that are not signed by
them with an r=2 level. Without the r= convention, greater
constraints upon email-addresses would be required, and additional
domain names would be needed to make distinctions of relative
trust. Email-address constraints may be disruptive, and additional
domain names diminish the goal of reducing the level of spoofing.

-Doug
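
The key/signature r= rule proposed in the message above, sketched as an added example; it is not part of the original post and not taken from any DKIM implementation. The function names, the sample tag lists, and the choice to treat an r= value outside 0-2 as invalid are assumptions made for illustration.

```python
DEFAULT_SIG_R = 1        # no r= in the signature: level 1 (normal)
KEY_CAP_WHEN_ABSENT = 1  # no r= in the key: signature may claim at most 1
LABELS = {0: "low", 1: "normal", 2: "high"}


def parse_tags(tag_list):
    """Parse a 'tag=value; tag=value' list into a dict."""
    tags = {}
    for item in tag_list.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def r_level(tags, default):
    """Return the r= level as an int, the default if absent, None if malformed."""
    raw = tags.get("r")
    if raw is None:
        return default
    return int(raw) if raw in ("0", "1", "2") else None


def reliance(signature_tags, key_tags):
    """Apply the proposed rule; return (signature_valid, annotation_label)."""
    sig_r = r_level(parse_tags(signature_tags), DEFAULT_SIG_R)
    key_r = r_level(parse_tags(key_tags), KEY_CAP_WHEN_ABSENT)
    if sig_r is None or key_r is None:
        return (False, None)   # assumption: out-of-range r= is rejected
    if sig_r > key_r:
        return (False, None)   # key level below signature level: invalid
    return (True, LABELS[sig_r])


if __name__ == "__main__":
    # Constructed sample inputs; p= carries a placeholder, not a real key.
    key_high = "v=DKIM1; k=rsa; r=2; p=PLACEHOLDER"
    key_plain = "v=DKIM1; k=rsa; p=PLACEHOLDER"
    for sig, key in [
        ("d=example.net; s=sys; r=2", key_high),   # vetted system mail
        ("d=example.net; s=mua; r=2", key_plain),  # MUA key overclaims
        ("d=example.net; s=mua; r=0", key_plain),  # signer warns recipient
        ("d=example.net; s=mua", key_plain),       # defaults on both sides
    ]:
        print(sig, "->", reliance(sig, key))
```

A key published with r=0 invalidates any signature that omits r=, because the signature then defaults to level 1.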