ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] 1360: ssp-requirements-01 // Designated Signing Domain Scenario missing

2006-10-11 07:13:29
from [Stephen Farrell] [Permanent Link] 

There was also clear opposition in the jabber to including this.

However, on balance I don't feel comfortable saying where the
consensus lies here, so I've asked Barry to look over the logs
and list to see what he thinks,

Stephen.

Douglas Otis wrote:

https://rt.psg.com/Ticket/Display.html?id=1360
There has been support on the list for ensuring a designated signing domain mode of operation be retained as a viable option. This added scenario clarifies that policy is able to make such designations. 

Policy's designated signing domains can independently indicate that:

1) the signature is valid for the referenced email-address.

2) the referenced email-address is also valid.
This ability to designate a signing domain enables these two modes of operation, where the first mode does not modify how the MSA operates. The first mode thus enables simpler compliance with an "all messages are signed" assertion while allowing free use of outside providers. This would also be a continuation of 1359. This mode of operation eliminates ISP coordination and specialized services for each email-address domain owner. 


Designated domains over delegation offer significant advantages:

1) the domain authenticating outbound access and signing the
   message is identified.

2) abuse reporting is directed to the affected and actionable
   domain.

3) no additional administration is required for "all messages
   are signed" compliance.

4) private keys are never transferred to or held by a third-party.

5) validated email-addresses are bound to the access-account
   rather than the domain-owner's keys when asserting the
   email-address is valid.

6) the level of trust when asserting valid email-addresses
   remains within the control of the email-address domain owner.

7) Allowing ISPs to use a common key reduces key caching.

8) Policy assertions and email-address validity can be multiplexed
   with different designated signing domains.

-Doug

_______________________________________________
NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html 



_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [ietf-dkim] 1360: ssp-requirements-01 // Designated Signing Domain Scenario missing, Stephen Farrell <=
Previous by Date:  Re: [ietf-dkim] DKIM and VBR tester available, Hector Santos
Next by Date:  [ietf-dkim] Jabber tomorrow 1500 UTC, Stephen Farrell
Previous by Thread:  [ietf-dkim] DKIM and VBR tester available, Paul Hoffman
Next by Thread:  [ietf-dkim] Jabber tomorrow 1500 UTC, Stephen Farrell
Indexes:  [Date] [Thread] [Top] [All Lists]