ietf-dkim

RE: [ietf-dkim] draft-ietf-dkim-base-02 // Parent signing security considerations

2006-06-01 12:46:33
Doug,
Thanks for the clarification, so an assertion for subdomains that can
"opt out" of parent signing systems so that bill***(_at_)foo(_dot_)com is
authenticated with sig and bob***(_at_)foo(_dot_)com is not?
Thanks,

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 


-----Original Message-----
From: Douglas Otis [mailto:dotis(_at_)mail-abuse(_dot_)org] 
Sent: Thursday, June 01, 2006 3:28 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: william(_at_)elan(_dot_)net; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] draft-ietf-dkim-base-02 // Parent signing
security considerations


On Jun 1, 2006, at 11:57 AM, <Bill(_dot_)Oxley(_at_)cox(_dot_)com> wrote:

> Just so that I can understand clearly, TLD offers signing ability
> to those who don't want to develop or buy their own.
>
> So bar.com offers to sign for me(_at_)foo(_dot_)ca

No.

Imagine a TLD wants to promote use of certificates for exchanging  
emails.  These outbound services could only be used for email-addresses  
within their domain for the email-address to be marked as  
verified (included within the i= parameter).  A TLD of .foo could  
sign a message that validates any email-address within the foo  
domain.  This could be webmaster(_at_)example(_dot_)foo that uses a signature  
with i=webmaster(_at_)example(_dot_)foo d=foo.

> However by bringing certificated messages from me(_at_)foo(_dot_)ca you are
> assigning a reputation to that signature that DKIM presents.

Assume DKIM becomes the more widely adopted convention used for  
verifying signed messages.  The certificate would be used only to  
gain access to the TLD's outbound servers.  Reputation would likely  
be based upon the foo signing domain, as you seem to be suggesting.

It is unlikely a reputation service will create reputations for  
individual email-addresses.  The basis for identifying a culpable  
entity seems too weak to risk possible litigation.  Reputation  
services may report specific messages to the signing domain for  
confirmation and resolution.  (The Opaque-Identifier revocation  
option was intended to provide a scalable and timely method for  
curtailing abuse of this type.)

Contrary to the base draft claim of relying upon the email-address,  
receivers are more likely to focus upon the signing domain with  
respect to message acceptance.  Aggregating more email-addresses  
behind a common signing domain introduces the issue of greater  
collateral blocking.  Although parent signing will simplify the  
handling of email-addresses received with wildcard MX records, this  
convenience for the transmitter increases the burden on the  
receiver.  This added burden for the receiver is highly  
counterproductive when abating abuse.

> That is not a valid assumption as plenty of bar.com's for a fee
> would be happy to sign for any spammer that shows up with cash.
> This is inevitable.

Agreed.  It makes the TLD and CA money, while also introducing  
conflicts with respect to who is really authoritative.  Many criminal  
spammers already hide by utilizing shared resources.  Allowing the  
parent to be authoritative will also increase the number of these  
shared hiding places. : (

-Doug




_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
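The thread turns on the distinction between the DKIM signing domain (d=) and the signed identity (i=), and on what a receiver sees when a parent domain such as a TLD signs for addresses beneath it. The following is an added example, not code from the thread or from any DKIM implementation: it parses a DKIM-Signature tag list, applies the base-draft rule that the i= domain must be d= or a subdomain of it, and reports whether the signer is the author's own domain or a parent of it (the "parent signing" case Doug describes, where reputation attaches to the parent). The sample headers, selectors and b=/bh= values are constructed placeholders built around the thread's own example of i=webmaster@example.foo d=foo.

```python
import re

def parse_dkim_tags(header_value: str) -> dict:
    """Parse the tag=value list of a DKIM-Signature header value.

    Tags are separated by ';'; folding whitespace inside a value
    (common in long b= values) is not significant and is removed.
    """
    tags = {}
    for item in header_value.split(";"):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing ';'
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def is_same_or_subdomain(child: str, parent: str) -> bool:
    """True if child == parent or child is a proper subdomain of parent."""
    child = child.lower().rstrip(".")
    parent = parent.lower().rstrip(".")
    return child == parent or child.endswith("." + parent)

def classify_signature(dkim_header: str, from_addr: str) -> dict:
    """Classify a DKIM signature relative to the message's From address.

    Returns a dict with:
      status    - "valid" or "permfail" (i= domain not within d=)
      signer    - the d= domain, which is what reputation attaches to
      identity  - the i= identity (defaults to "@<d>" when absent)
      scope     - "direct" (d= is the author's domain), "parent" (d= is an
                  ancestor of the author's domain) or "third-party"
    """
    tags = parse_dkim_tags(dkim_header)
    d = tags.get("d")
    if not d:
        raise ValueError("DKIM-Signature requires a d= tag")
    i = tags.get("i", "@" + d)
    i_domain = i.rpartition("@")[2]
    from_domain = from_addr.rpartition("@")[2]

    # Base-draft constraint: the domain in i= MUST be d= or a subdomain of it.
    if not is_same_or_subdomain(i_domain, d):
        return {"status": "permfail", "signer": d, "identity": i,
                "scope": None}

    if i_domain.lower() == d.lower() and from_domain.lower() == d.lower():
        scope = "direct"
    elif is_same_or_subdomain(from_domain, d):
        scope = "parent"      # a TLD or other ancestor signed for a child
    else:
        scope = "third-party"
    return {"status": "valid", "signer": d, "identity": i, "scope": scope}

# Constructed sample headers (placeholder selector and signature values).
SAMPLES = [
    # The thread's example: the TLD "foo" signs for webmaster@example.foo.
    ("v=1; a=rsa-sha256; d=foo; s=sel1; i=webmaster@example.foo; "
     "h=from:to:subject; bh=BODYHASH=; b=SIGBYTES=",
     "webmaster@example.foo"),
    # The domain signs for itself; reputation lands on example.foo.
    ("v=1; a=rsa-sha256; d=example.foo; s=sel2; i=@example.foo; "
     "h=from:to:subject; bh=BODYHASH=; b=SIGBYTES=",
     "webmaster@example.foo"),
    # Bill's question: "foo" cannot assert an identity at foo.ca, which is
    # a different domain tree, so this must fail verification.
    ("v=1; a=rsa-sha256; d=foo; s=sel1; i=me@foo.ca; "
     "h=from:to:subject; bh=BODYHASH=; b=SIGBYTES=",
     "me@foo.ca"),
]

def classify_samples() -> list:
    return [classify_signature(h, f) for h, f in SAMPLES]

if __name__ == "__main__":
    for result in classify_samples():
        print(result)
```

The "scope" field is where the thread's concern shows up: a receiver that keys reputation on d= sees "foo" for every address signed by the parent, so one abusive child address and a well-behaved one share the same reputation bucket, which is the collateral blocking Doug describes.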