ietf-dkim

RE: [ietf-dkim] Future uses of DKIM in Netnews (was: "Isigneverything" yes/no)

2006-11-29 07:52:35
There appear to be a lot of differences on what DKIM actually does for the 
receiver. In the end all it does is clearly define who sent the email, no more 
no less. SSP is a method that the signer/sender will use to promote its signing 
usage.
 
Bill Oxley
Messaging Engineer
Cox Communications
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey
Sent: Wednesday, November 29, 2006 7:25 AM
To: DKIM
Subject: Re: [ietf-dkim] Future uses of DKIM in Netnews (was: "Isigneverything" 
yes/no)

On Tue, 28 Nov 2006 17:57:30 -0000, Hallam-Baker, Phillip  
<pbaker(_at_)verisign(_dot_)com> wrote:

[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles 
Lindsey

But DKIM-base is not 100% suitable. You wouldn't want a
header called "DKIM-Signed" for an application totally
unconnected with DKIM,

Why not? The M stands for Messaging.

Yes, but the DK stands for Domain Keys.

NNTP is simply an alternative transport for email.

and you would not want the signing key
to be based on a domain-name (a newsgroup-name such as
news.announce.newgroups is traditional) and so you wouldn't
be using DNS to publicize your keys.

I disagree. I think that you want to authenticate the signer. In fact  
that is all you can do with any signature technology.

In the applications we are talking about, the need is for Authorization  
(which goes way beyond authentication), and it is the 'role' that is  
authorized to perform some action. The 'role' might be exercised by  
various people with addresses in various domains (and even where there is  
a  special domain involved, not every message from that domain is  
exercising that role). So an entirely different PKI might be needed, and  
the only use of Dkim-Base as the protocol is that it saves reinventing yet  
another wheel to do essentially the same job (signing headers). And  
Dkim-base as it stands is 95% suitable for such other applications - just  
a few niggling awkward spots which might well be ignored or worked around,  
but niggle nevertheless.

The question of the relationship of the signer to the newsgroup is  
separate.

You seem to be considering the case where the signer is the newsgroup  
moderator. I was considering a situation where the news server signs  
every post that originates from one of its own users.

Then the case you were considering was entirely different from the one  
being discussed, because no way will such signatures be signed by any news  
server (because that would restrict the person filling the 'role' to using  
the same server in perpetuity, and worse would require him to provide the  
relevant private key to that server's admins).

The other reason I am here is because of concerns over EAI....

I am familiar with six acronyms for EAI. I presume you mean  
internationalization.

EAI just happens to be the name of the Working Group dealing with this. As  
a name it is entirely unsuitable, and the final name of the suite of  
extensions will most likely be "UTF8SMTP".

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
