ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Keys vs. Reputation

2006-08-21 14:53:58
from [Scott Kitterman] [Permanent Link] 
On Monday 21 August 2006 17:15, Dave Crocker wrote:
...

The question is what does the signer need to communicate to a validation
site, for the validation site to be able to make a useful assessment?

The answer is:  a validly signed domain name.

That's all.

If the signer wants to have assessment be based on different reputations,
such as for messages authored by different customers of the signer or
messages authored by different departments in the signer's organization,
then the signer needs to use different d= values.



Scope
-----

I claim that this is all that is needed, for DKIM signed mail, in terms of
determining what identity to use for assessment of the message and to
determine whether the use of that identity is "authorized".

For a signed message, anything beyond this is really trying to dive into
the complex arena of reputation subtleties.  While these are, of course,
important, they are vastly more complex than ensuring valid signatures.

In other words, the job of DKIM is to deliver a valid identity to an
assessment mechanism.

The signer determines what identity is to be delivered and DKIM makes sure
that the assessment mechanism whether the assertion of that identity is
valid.  DKIM needs to support fine-grained naming, so that signers have a
wide-range of choices for they way their different signing identities can
be evaluated. However DKIM does not have a role in deciding what those
choices can or will be.

How the assessment service decides to use different names is a matter that
falls under reputation and accreditation.  My reading of the charter says
that that is out of scope.


If I read what you've written correctly:


In other words, the job of DKIM is to deliver a valid identity to an
assessment mechanism.



How the assessment service decides to use different names is a matter that
falls under reputation and accreditation.  My reading of the charter says
that that is out of scope.


What you are saying is that DKIM-base is all that is in scope for the working 
group.  Last time I read the charter, that isn't what it said.  What am I 
missing here?

What would you say is in scope for DKIM-SSP?

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] Keys vs. Reputation, Dave Crocker
Next by Date:  Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Michael Thomas
Previous by Thread:  [ietf-dkim] Keys vs. Reputation, Dave Crocker
Next by Thread:  Re: [ietf-dkim] Keys vs. Reputation, Damon
Indexes:  [Date] [Thread] [Top] [All Lists]