ietf-dkim

Re: [ietf-dkim] review of draft-ietf-dkim-overview-01

2006-07-13 05:10:49


Eric Allman wrote:
It's a battle that should be fought by the folks in the vetting
business.

DKIM should use a generic term that isn't one of the terms of art.

I don't think I agree with this.  First, since by your own argument
these terms aren't properly defined, using yet another poorly defined
term to mean the same thing doesn't exactly seem to be improving the
situation.  

Well, we are already making a point of playing this ambiguity game, in terms of
the term "responsible":

From the abstract:

The ultimate goal of this framework is to permit
   a signing domain to assert responsibility for a message

Yet we are extremely careful to leave the precise meaning of "responsible"
unstated.  We have fought the temptation to provide that definition and I
continue to claim that that is a Very Good Thing for us to continue to do. It is
an issue that is actually outside the scope of DKIM's solution.

We provide a mechanism that enables the folks for whom it IS within scope, but
we don't (need to) do it ourselves.

We need to be quite precise and consistent about the term authentication, since
that's DKIM's job.  The higher level stuff isn't.


Also, since the overview is supposed to be an informative
document that paints the scene for reading the rest of the documents,
using a term that is likely to make people scratch their heads works
against the goal.

A fair point of view.  However I would much rather have the Overview document
cite some of the terms of art that get used, offering them merely as exemplars
of activities that will use DKIM, but not actually define those words, except in
terms of a more generic word.  This might lead to sentences that are less crisp
(elegant) but keeps us the heck out of the briar patch of the
reputation/accreditation.

So, for example:

1.2.2.  What is the purpose of DKIM?

   DKIM lets an organization take responsibility for a message.  The
   organization taking responsibility is a handler of the message,
   either as its originator or as an intermediary.  Their reputation is
   the basis for evaluating whether to trust the message for delivery.

might become:

1.2.2.  What is the purpose of DKIM?

   DKIM lets an organization take responsibility for a message.  The
   organization taking responsibility might be a handler of the message,
   as its originator or as an intermediary, or it might be a third-party vetting
   service.  Their recipient assessment of the signer provides
   the basis for evaluating whether to trust the message for delivery.

NOTE:

   I've had to deal with a second issue, in the above text:

   Signers will not necessarily be the folks moving the message.

   This came up when Goodmail first started getting public discussion and I
   suggested a scheme that would allow such third-party services to sign a
   message using DKIM.  Obviously, their involvement requires the cooperation
   of a handling agent, but the handling agent isn't doing the signing.

d/
-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html