ietf-dkim

Re: [ietf-dkim] Fluffy DKIM questions

2007-05-15 13:26:33
I'll take a shot...

Steve Atkins wrote:
> As a distraction from the deeply technical stuff, I have
> some PR / deployment related questions. I'm looking
> for answers that are suitable for a user intending to
> deploy, rather than a developer intending to implement.
> I'm also talking solely about dkim-base, not about any
> of the bags on the side.
>
> 1. Does anyone have an overview of the benefits and
>     drawbacks to DK and DKIM in general?

There's a lot written about that in various places, but here's my view
(excluding the "bags on the side", per your request):

- There's the general benefit to e-mail authentication, that it
increases trust.  But more specifically, I can whitelist authenticated
messages from domains that I trust, and make sure their messages always
get through.  This is important for a lot of domains that depend on
their ability to receive mail to support customers, process orders, etc.

- Email authentication is beneficial in that it enables accreditation
and reputation based on the domain name, rather than on the IP address
of the sending MTA.  This is perhaps a "bag on the side", but since
authentication enables something desirable, I see it as a benefit.

- DK and DKIM do this in a way that "transparent" forwarding preserves
the authentication.  We don't have much data about how much this is
actually done and there is some evidence that this represents a small
percentage of e-mail messages, but I consider forwarding to be an
important use case because it gives users the equivalent of "local
number portability":  they can change providers without changing e-mail
addresses.

> 2. How about the differences between DK and DKIM?

In general, DKIM is more tightly specified.  For example, it requires
that the header fields being signed be listed in the signature, and
specifies rules for what to do with duplicate header fields.  It also
has some extensions to DK, such as the body length count, ability for
finer-grained validity and delegation of keys, and canonicalization choices.

> 3. Is a valid DK signature a valid DKIM signature?

No.

> 3b. If the general answer to that is "no", are some subsets
>     of DK signatures also valid DKIM signatures?

No.  There is, however, compatibility in the key records ("selectors"):
DK key records can be used by DKIM, although the reverse isn't
necessarily the case.

> 4. What are the Intellectual Property implications of
>     deploying DKIM? (The Yahoo DK license agreement
>     has scared off a number of people from implementing
>     or using it).

IANAL, so I don't have an answer to this one.  If anyone is scared away,
please let us know.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
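
The answers to questions 2 and 3 above can be seen by checking a signature's tag list against the tags DKIM requires. This is an added example, not part of the original message or of any DKIM implementation; the required-tag set is taken from RFC 4871, and the two sample signatures, the domain and the selector are constructed for illustration.

```python
import re

# Tags RFC 4871 requires in every DKIM-Signature header field.
DKIM_REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")
DKIM_CANON = {"simple", "relaxed"}

# Constructed samples: a DomainKeys-style tag list and a DKIM-style one.
DK_SAMPLE = ("a=rsa-sha1; q=dns; c=nofws; s=sel2007; d=example.com; "
             "h=From:To:Subject; b=ZmFrZQ==")
DKIM_SAMPLE = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; "
               "s=sel2007; h=from:to:subject; l=1024; bh=ZmFrZQ==; b=ZmFrZQ==")


def parse_tag_list(value):
    """Split 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def check_dkim_signature(value):
    """Return the reasons a tag list is not a structurally valid DKIM signature."""
    tags = parse_tag_list(value)
    problems = ["missing required tag %s=" % t
                for t in DKIM_REQUIRED if not tags.get(t)]
    if tags.get("v") and tags["v"] != "1":
        problems.append("unsupported version v=%s" % tags["v"])
    # DKIM requires the signed header fields to be listed, From among them.
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    if signed and "from" not in signed:
        problems.append("h= does not list the From header field")
    # c= is header/body; the body part defaults to simple when omitted.
    header_c, _, body_c = tags.get("c", "simple/simple").partition("/")
    for algo in (header_c, body_c or "simple"):
        if algo not in DKIM_CANON:
            problems.append("unknown canonicalization %s" % algo)
    if "l" in tags and not tags["l"].isdigit():
        problems.append("l= body length is not a decimal count")
    return problems


if __name__ == "__main__":
    for label, sample in (("DK", DK_SAMPLE), ("DKIM", DKIM_SAMPLE)):
        print(label, check_dkim_signature(sample) or "structurally valid")
```

This checks structure only: it does not fetch the key record or verify the signature. When `l=` is present, any body content past that count is not covered by the signature.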