ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Delegated signatures in real life

2006-08-29 17:09:28

Hallam-Baker, Phillip wrote:
Orbitz might not care about the security issues raised by allowing doubleclick 
to sign messages on behalf of their CEO and other executives. Many others will.

This is a security area spec, least privilege must apply wherever possible.

I'm not entirely convinced by the least privilege argument here.
(Of course, we're currently giving maximal privileges to the DNS
admins, so it may also be too late.)

Anyhow, while its a good principle, it can lead to over engineering.
And the premature involvment of legalistic stuff was, IMO, highly
detrimental to the development of PKI, so I'd personally be happy
were the WG to try to engineer dkim signatures to be as legally
insignificant as possible.

S.

PS: Chair hat off in the above of course.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html