ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Delegated signatures in real life

2006-08-29 18:56:01

On Tue, 29 Aug 2006, Steve Atkins wrote:

What am I missing here?

Taking responsibility for email is not the same as protecting "From" address from unauthorized use. I may want to have "someremailer.com"
take responsibility for remailing the message that passes through them
where as when I send message directly I take responsibility for that.

At the same time I do know that some of my email (i.e. with "From"
email address) will endup  going through them and they will sign
those emails. So including them in list of 3rd party senders allows
to conclude the policy with sign-all and then nobody else can
send email on my behalf without it being violation of this policy.

The major difference really is that it is necessary for remailer to
know about you having delegated addition of signature on your behalf
with NS delegation (or some other selector location mechanism).
For policy record when verifying your "From" address no special action/reconfig is necessary for remailer if message with your
"From" start passing through them - only action from your side
is necessary. Operationally 2nd one is a lot easier to setup for
users and most "3rd party" mailing services i.e. compare to SPF
when you want to include list of ip address of your ISP and no
special action from your ISP is necessary, where as with NS
delegation of selectors it would be required.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html