ietf-dkim

Re: [ietf-dkim] I sign nothing / only only 3rd party / some mail

2006-07-27 14:14:23

On Jul 27, 2006, at 12:53 PM, Michael Thomas wrote:

> Douglas Otis wrote:
>
>> The "I sign some mail" (an open-ended list) also indicates that when a signature is damaged by a mail-list, for example, this source should be considered valid for their OA. An open-ended list also allows positive annotations, but with fewer delivery failures or support calls.
>
> I have no idea what an "OA" or "open ended list" is, but I seriously doubt it. Preferential treatment based on unverifiable DKIM-Signature bits is an invitation for abuse.


OA was shorthand for Originator Address (OA) as defined in Eric Allman's SSP draft. This OA, or perhaps the Signing Address (SA) as defined in the Base draft, would be where a DKIM-related policy might be found.

While DNS zone delegations are possible, these require formal arrangements, rather than the less formal arrangements currently commonplace when using an ISP for outbound traffic. This ISP might now employ DKIM signing under their domain. The existence of the DKIM signature offers a valuable tool for combating abuse, where much of this value would be unrelated to an OA or SA policy assertion. The concerns related to the OA or SA are likely important to a minority of DKIM signing domains being spoofed, especially when an exacting assertion leads to a delivery failure.

To permit less formalized arrangements between OAs or SAs and an ISP offering DKIM signing under their domain, DKIM policy could be defined as just being a list of designated signing domains for the OA or SA. This list could have two modes. One mode could then be defined as being "open-ended," which means the list is not complete. A list that is not "open-ended" would be "closed-ended" or "fixed." A "closed-ended" list indicates that the OA or SA has declared an explicit set of valid signing domains. A designated signing domain list (DSDL) and a single flag indicating open or closed permits every policy required by Bill, for example.

Perhaps another major benefit from this approach would be improved envelope handling when a greater range of associations is made possible.

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
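
Added example, not part of the original message or of any DKIM/SSP draft: a sketch of how a verifier might evaluate the designated signing domain list (DSDL) with its open/closed flag as proposed above. The `mode=...; signers=...` record syntax, the verdict names, and the `.example` domains are assumptions made up for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):  # verdict names are hypothetical
    DESIGNATED = "designated"          # a listed domain's signature verified
    UNDETERMINED = "undetermined"      # open-ended list: other sources may be valid
    NOT_DESIGNATED = "not-designated"  # closed list and no listed signer verified


def _norm(domain: str) -> str:
    """Compare domains case-insensitively and without a trailing dot."""
    return domain.strip().rstrip(".").lower()


@dataclass(frozen=True)
class DSDL:
    domains: frozenset
    open_ended: bool


def parse_dsdl(record: str) -> DSDL:
    """Parse the constructed form 'mode=open|closed; signers=a.example,b.example'."""
    tags = {}
    for part in record.split(";"):
        if part.strip():
            key, sep, value = part.partition("=")
            if not sep:
                raise ValueError(f"malformed tag: {part!r}")
            tags[key.strip().lower()] = value.strip()
    mode = tags.get("mode", "").lower()
    if mode not in ("open", "closed"):
        raise ValueError("mode must be 'open' or 'closed'")
    names = tags.get("signers", "").split(",")
    return DSDL(frozenset(_norm(d) for d in names if d.strip()), mode == "open")


def evaluate(policy: DSDL, verified_signers) -> Verdict:
    """verified_signers holds the d= domains of signatures that verified;
    a signature damaged in transit (e.g. by a mail-list) never appears here."""
    if {_norm(d) for d in verified_signers} & policy.domains:
        return Verdict.DESIGNATED
    return Verdict.UNDETERMINED if policy.open_ended else Verdict.NOT_DESIGNATED


# Constructed policies for a hypothetical OA domain that sends through an ISP.
OPEN = parse_dsdl("mode=open; signers=isp.example")
CLOSED = parse_dsdl("mode=closed; signers=isp.example, Example.ORG.")
```

With the open-ended list, a message whose only signature was broken by a mail-list evaluates to `UNDETERMINED` rather than a failure; the closed list returns `NOT_DESIGNATED` for the same message.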
