ietf-dkim

Re: [ietf-dkim] Future uses of DKIM in Netnews (was: "I sign everything" yes/no)

2006-11-29 05:30:29
On Tue, 28 Nov 2006 17:57:30 -0000, Hallam-Baker, Phillip <pbaker(_at_)verisign(_dot_)com> wrote:

[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey

But DKIM-base is not 100% suitable. You wouldn't want a
header called "DKIM-Signed" for an application totally
unconnected with DKIM,

Why not? The M stands for Messaging.

Yes, but the DK stands for Domain Keys.

NNTP is simply an alternative transport for email.

and you would not want the signing key
to be based on a domain-name (a newsgroup-name such as
news.announce.newgroups is traditional) and so you wouldn't
be using DNS to publicize your keys.

I disagree. I think that you want to authenticate the signer. In fact that is all you can do with any signature technology.

In the applications we are talking about, the need is for Authorization (which goes way beyond authentication), and it is the 'role' that is authorized to perform some action. The 'role' might be exercised by various people with addresses in various domains (and even where there is a special domain involved, not every message from that domain is exercising that role). So an entirely different PKI might be needed, and the only use of Dkim-Base as the protocol is that it saves reinventing yet another wheel to do essentially the same job (signing headers). And Dkim-base as it stands is 95% suitable for such other applications - just a few niggling awkward spots which might well be ignored or worked around, but niggle nevertheless.

The question of the relationship of the signer to the newsgroup is separate.

You seem to be considering the case where the signer is the newsgroup moderator. I was considering a situation where the news server signs every post that originates from one of its own users.

Then the case you were considering was entirely different from the one being discussed, because no way will such signatures be signed by any news server (because that would restrict the person filling the 'role' to using the same server in perpetuity, and worse would require him to provide the relevant private key to that server's admins).

The other reason I am here is because of concerns over EAI....

I am familiar with six acronyms for EAI. I presume you mean internationalization.

EAI just happens to be the name of the Working Group dealing with this. As a name it is entirely unsuitable, and the final name of the suite of extensions will most likely be "UTF8SMTP".

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html