On Jul 27, 2006, at 6:02 PM, Hector Santos wrote:
> Is it possible to view this from a VERIFIER security standpoint
> based on what is to be expected in DKIM-BASE and all possible
> signatures regardless of what is deemed useful or not?
> After all, the verifier is going to be the ultimate "controller" of
> what gets processed, what gets disseminated, filtered, etc.
> Regardless of the meaning the possible the DKIM-BASE signature
> protocol has left itself unprotected.

Your draft retains the Originator Address (OA) of SSP in a limited
fashion.

The draft uses the term domain without referencing which domain. It
is not clear whether domain refers to signing domain or the OA.

For example, the draft makes an odd statement:
,---
| The only case for reliability is when the DKIM
| signature is verified. However, even then, this
| valid signature may be done on a domain which
| did not authorize this signing process.
'--

I assume this means the OA did not designate the signing domain.

Rather than considering this a means to authorize or instruct
receiving verifiers, consider policy related to defining valid
sources (signing and non-signing) of the OA.

Why indicate the prevalence of a designated signing domain?

Why differentiate between unknown (not listed) signing domains and
not being signed or having an invalid signature?

Ensuring DKIM does not cause a spate of delivery problems seems to be
of greater importance than publishing policy. It seems making DKIM
problematic or difficult to manage might kill DKIM adoption. It also
seems your table could be greatly simplified. The list and all of
these states could be reduced to just a list and a flag that
indicates whether other sources not included within the list are
valid. By allowing other non-listed sources, non-signed sources
would also be valid. A closed empty list means there is no valid
source for this OA.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
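
The list-plus-flag reduction proposed in the message above, sketched as an added example (not code from the thread or from any DKIM or SSP draft). The `SourcePolicy` record, the `valid_source` function and the example domains are assumptions made for illustration, as is treating a failed signature the same as an absent one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SourcePolicy:
    """Hypothetical per-OA record: listed signing domains plus one flag."""
    signers: frozenset        # domains designated as valid signers for the OA
    others_valid: bool        # True: sources not in the list are valid too

def _norm(domain: str) -> str:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return domain.rstrip(".").lower()

def valid_source(policy, signatures):
    """Decide whether a message is from a valid source for its OA.

    signatures: (signing_domain, verified) pairs reported by the DKIM
    verifier. A failed signature counts the same as no signature.
    Returns (is_valid, reason).
    """
    listed = {_norm(d) for d in policy.signers}
    verified = {_norm(d) for d, ok in signatures if ok}
    hits = sorted(listed & verified)
    if hits:
        return True, f"verified signature from listed domain {hits[0]}"
    if policy.others_valid:
        return True, "open list: unlisted and unsigned sources are valid"
    if not listed:
        return False, "closed empty list: no valid source for this OA"
    return False, "closed list: no verified signature from a listed domain"

# Constructed policies for three made-up OA domains.
POLICIES = {
    "open.example": SourcePolicy(frozenset({"open.example"}), True),
    "closed.example": SourcePolicy(frozenset({"closed.example", "esp.example"}), False),
    "nomail.example": SourcePolicy(frozenset(), False),
}

if __name__ == "__main__":
    cases = [
        ("open.example", []),
        ("closed.example", [("ESP.example.", True)]),
        ("closed.example", [("other.example", True)]),
        ("closed.example", [("closed.example", False)]),
        ("nomail.example", [("nomail.example", True)]),
    ]
    for oa, sigs in cases:
        print(oa, sigs, valid_source(POLICIES[oa], sigs))
```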