
Re: [ietf-dkim] requirements

2006-07-27 23:24:59

----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Thursday, July 27, 2006 11:28 PM
Subject: Re: [ietf-dkim] requirements

The draft uses the term domain without referencing which domain.  It
is not clear whether domain refers to signing domain or the OA.
For example, the draft makes an odd statement:
,---
| The only case for reliability is when the DKIM
| signature is verified.  However, even then, this
| valid signature may be done on a domain which
| did not authorize this signing process.
'--

I think I'll rephrase it. Thanks.

In short, it implies DKIM-BASE is based on a "Good Citizen" model where
every "i is dotted" and every "t is crossed."   But it lacks security
provisions for protecting against the most obvious of all DKIM failures - in
this case, as it relates to the above statement - unauthorized signings.

DSAP (DKIM Signature Authorization Protocol) is about securing the DKIM-BASE
signing practice of the responsible domain.


---
HLS

