ietf-dkim

Re: [ietf-dkim] The URL to my paper describing the DKIM policy options

2006-07-27 15:20:01
On Thursday 27 July 2006 17:57, Michael Thomas wrote:
> Scott Kitterman wrote:
>
> > If I send mail through the mail server of isp.example.com and they sign
> > with my key, it matters a GREAT deal to me if they also sign other people
> > using my name with my key.  This may be largely an operational question,
> > but the protocols have to support getting a reliable answer to it.
>
> I think I detect some old world thinking here. This is certainly the case
> with IP addresses, but don't see why it need be the case with crypto. If the
> name bound to a particular key doesn't do bad things, that really doesn't say
> anything about another name bound to the same key. Both identities can and
> probably should accrue their reputations independently. Only after you had
> sufficient evidence might it be a good idea to make an induction about a
> new identity bound to that key.
>
> In any case, DKIM allows either mode so I'm not sure what the problem is
> here.

It's more the other way around I'm worried about.

If I use isp.example.com and they sign messages with my name and a key (theirs 
or mine, doesn't matter) and they also sign messages actually sent by joe 
spammer (another one of their customers) with my name and a key (again, 
theirs or mine), then it sucks to be me.  That's the problem.

This is really an internal ISP operational problem (they need to sort out who 
is allowed to use what identities on their servers), but the protocol and 
associated guidance need to make that clear.  

Scott K
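
The operational check described in the message above (the ISP deciding who may use which identity before it signs), as an added example that is not part of the original message or of any DKIM implementation. The account names, domains, selector and function name are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample policy: authenticated submission account ->
# {author domain it may use: DKIM selector to sign with}. All names hypothetical.
SIGNING_POLICY = {
    "customer-a": {"customer-a.example": "sel1"},
    "customer-b": {"customer-b.example": "sel1"},
}

def signing_decision(auth_user, raw_message):
    """Decide, before signing, whether auth_user may use the author identity.

    Returns ("sign", d, s) with the d= domain and s= selector to use,
    or ("reject", reason) if the message must not be signed under that name.
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    authors = [addr for _, addr in getaddresses(from_headers) if addr]
    # Ambiguous authorship (no From, repeated From, several authors) is
    # refused rather than guessed at: the signature vouches for one identity.
    if len(from_headers) != 1 or len(authors) != 1:
        return ("reject", "need exactly one From header with one author")
    local, sep, domain = authors[0].rpartition("@")
    domain = domain.lower().rstrip(".")  # domain names compare case-insensitively
    if not sep or not local or not domain:
        return ("reject", "unparseable author address")
    allowed = SIGNING_POLICY.get(auth_user, {})
    if domain not in allowed:
        # The case Scott worries about: another customer of the same ISP
        # submitting mail under a name that belongs to someone else.
        return ("reject", f"{auth_user} may not send as {domain}")
    return ("sign", domain, allowed[domain])

if __name__ == "__main__":
    # Constructed sample message.
    sample = "From: Alice <alice@customer-a.example>\nSubject: test\n\nhello\n"
    for user in ("customer-a", "customer-b"):
        print(user, signing_decision(user, sample))
```

The decision is keyed on the authenticated submission account, not on anything the message claims about itself, which is what keeps one customer's reputation separate from another's on a shared signer.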