ietf-dkim

Re: [ietf-dkim] Responsibility concerns with Designated Signing Domains

2006-08-25 16:22:19
On Friday 25 August 2006 17:48, Jim Fenton wrote:
While we aren't defining reputation or accreditation services in this
working group, it has been widely suggested that such services would use
the d= domain on the signature as the "lookup key" for retrieving
reputation or accreditation information.

Yes, and IIRC, in the discussions about DKIM-base it was largely assumed d= 
would point to the operator's domain.

There is a fundamental difference, then, between key delegation and
delegation via SSP.  In the former (key delegation) case, the party
applying the signature (delegatee) is merely acting as an agent of the
delegator to do the mechanics of signature application.  It is still
the delegator's signature, and the "buck stops" with the delegator in
terms of who has taken responsibility for the message.  In the latter
(SSP delegation) case, it is the delegatee's domain that takes
responsibility for the message.  Some have suggested the delegatee might
want to use subdomains in order to allow reputations to avoid
aggregating reputations from different delegators (or classes of
delegators).

Yes, this is the opposite of what was figured for DKIM-base.

Some implications of this change in responsibility:

1. Responsible domains using SSP delegation will not be able to change
signing providers (delegatees) without forfeiting any positive
reputation they have accumulated.  It should really be the delegator's
positive reputation, because they are the ones acting responsibly in
their mailing practices and/or the use of outside mailing providers.  It
should not be necessary to start over if you change ISPs or outbound
marketing providers.

I can see this going either way.  In the end the operator controls what goes 
out and what doesn't.  Both the author domain and the operator domain can 
allow bad things to happen.  Only the operator is in a position to be 
assured of preventing them.

2. Delegators are more likely to be diligent in the choice of delegatees
when it is their own reputation at stake.  When it is the delegatee's
reputation at stake, they can always employ an unreliable party, or in
the extreme a spammer, and when abuse is reported simply say "oh, sorry"
but not endure any impact on their reputation at all.

And if it's the author's reputation, the operator has less incentive to ensure 
their customers are clean and have a positive impact on their reputation.

3. We are already aware of the potential for the use of throw-away
domain names by bad actors who otherwise might accrue a bad reputation.
This opens a new possibility:  it isn't necessary to get a new domain,
just delegate signing to a new entity and "all is forgiven".

That's equally true for first-party signatures if one picks a new subdomain or 
a new domain.  I don't think this is any different.

Personally, I've got no idea how the reputation stuff is going to work out.  I 
think it was smart to have it outside the scope of this WG.  From a 
reputation scoring perspective, I think it's a toss-up.  NS delegation versus 
DSD/third-party authorized will definitely be different.  I don't know which is 
better.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
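The thread above turns on which domain a reputation service would key on: the d= tag of the DKIM-Signature, and whether that domain is the author's own domain, one of its subdomains, or an unrelated operator's domain. The following is an added illustration, not code from the list, the working group or any DKIM implementation: it parses the tag=value list of a DKIM-Signature header (the RFC 4871 syntax), pulls out d= and the selector, derives the DNS name the key would be fetched from, and compares d= with the From: domain. The sample headers, domains (example.com, lists.example.com, esp.example.net) and selector names are constructed for the example; the b= and bh= values are placeholders, not real signatures.

```python
"""Classify a DKIM signature by its d= domain relative to the From: domain.

Added example for the ietf-dkim thread on designated signing domains; not
code from the list or from any DKIM implementation. Sample headers below are
constructed, with placeholder bh= and b= values.
"""
import re
from email.utils import parseaddr

# Constructed sample headers (hypothetical domains and selectors).
FROM_HDR = "Alice <alice@example.com>"
SIG_AUTHOR = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2006;\n"
              "\th=from:to:subject:date; bh=dGVzdA==;\n\tb=AbC==")
SIG_SUBDOMAIN = "v=1; a=rsa-sha256; d=lists.example.com; s=lists; h=from; bh=x; b=y"
SIG_THIRD_PARTY = "v=1; a=rsa-sha256; d=esp.example.net; s=bulk2006; h=from; bh=x; b=y"


def parse_dkim_tags(header_value: str) -> dict:
    """Parse an RFC 4871 tag list ("tag=value; tag=value") into a dict.

    Splits on the first '=' only, so base64 padding in b= and bh= survives,
    and strips folding whitespace from values (it is not significant).
    """
    tags = {}
    for field in header_value.split(";"):
        if "=" not in field:
            continue  # empty trailing field or junk without a tag name
        name, _, value = field.partition("=")
        name = name.strip()
        if name:
            tags[name] = re.sub(r"\s+", "", value)
    return tags


def signing_domain(header_value: str) -> str:
    """Return the d= domain, the key a reputation service would look up."""
    d = parse_dkim_tags(header_value).get("d", "").lower()
    if not d:
        raise ValueError("DKIM-Signature has no d= tag")
    return d


def key_record_name(header_value: str) -> str:
    """DNS name of the public key record: <selector>._domainkey.<d=>."""
    tags = parse_dkim_tags(header_value)
    if not tags.get("s") or not tags.get("d"):
        raise ValueError("DKIM-Signature needs both s= and d=")
    return f"{tags['s']}._domainkey.{tags['d'].lower()}"


def from_domain(from_header: str) -> str:
    """Domain part of the (single) address in a From: header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        raise ValueError(f"no address in From: header: {from_header!r}")
    return addr.rsplit("@", 1)[1].lower()


def classify(from_header: str, dkim_header: str) -> str:
    """Relate the d= domain to the author domain.

    Returns one of:
      "author"           d= equals the From: domain (first-party signature)
      "author-subdomain" d= is a subdomain of the From: domain (the kind of
                         per-delegator subdomain the thread mentions)
      "author-parent"    d= is a parent of the From: domain (e.g. a corporate
                         domain signing for a departmental subdomain)
      "third-party"      d= is unrelated to the From: domain; reputation
                         accrues to the operator, not the author
    Note: no public-suffix check is done here, so a d= of a bare TLD would
    wrongly read as "author-parent"; a real verifier would consult a suffix
    list before trusting a parent-domain match.
    """
    d = signing_domain(dkim_header)
    author = from_domain(from_header)
    if d == author:
        return "author"
    if d.endswith("." + author):
        return "author-subdomain"
    if author.endswith("." + d):
        return "author-parent"
    return "third-party"


if __name__ == "__main__":
    for label, sig in (("author", SIG_AUTHOR), ("subdomain", SIG_SUBDOMAIN),
                       ("third party", SIG_THIRD_PARTY)):
        print(f"{label:12s} d={signing_domain(sig):20s} key={key_record_name(sig):40s} "
              f"-> {classify(FROM_HDR, sig)}")
```

The classification is only the first step of what Jim and Scott are arguing about: a reputation service that keys on d= will credit or blame `esp.example.net` for mail in the third-party case and `example.com` in the first two, which is exactly the difference between key delegation (the delegator's d=) and SSP-style delegation (the delegatee's d=).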