ietf-dkim

Re: [ietf-dkim] Responsibility vs. Validity

2007-11-27 12:45:19

On Nov 27, 2007, at 10:17 AM, Dave Crocker wrote:

> Folks,
>
> This note is about an old topic that seems to remain unresolved. I'm posting it to see where the working group is on the matter:
>
> Mechanisms like OpenPGP and S/MIME essentially validate the authenticity of content. DKIM does not. For example, a DKIM signature does not contain the semantics that claim that the From field is correct, never mind that it does not distinguish between "brands" such as are often implied by the display string in the From field, versus the email address in it.
>
> Rather, DKIM's task is to allow an organization to say that it has some responsibility for the message; that is, come to them if there is a problem.
>
> In looking at the range of features that have been added to SSP, I keep thinking that this distinction is not clear. It seems to me that there is a tendency to want to build "the content is valid" mechanisms into SSP.
>
> Thoughts?

The DKIM base provides weakly defined i= semantics. SSP could strengthen these assertions.

Nevertheless, efforts at assurances regarding even localpart@domain validation or authentication are dangerous. Visible content and internationalized versions of an email address should not be assumed to be properly recognized by recipients.

The TPA-SSP draft handles an identity validation assertion decision and allows it to be either dropped or strengthened.

The DKIM signature i= semantics can restrict use of the key. Some will view this semantic as authenticating the associated localpart. Of course the key g= "user+*" or "*-offer" wildcarding makes it _very_ difficult to then communicate which components of the localpart (if any) are asserted as being authenticated.

There are many gray areas that could be strengthened by an SSP assertion. The TPA draft attempts to illustrate how this might be done. The "-i" suffix on a scope declaration was an attempt to replicate the i= DKIM base semantics for third-party domains.

The exchange of keys or the delegation of domains is either not safe or does not scale.

How would an organization authorize a mail-list? Would the mail-list need to add a secondary signature for every From domain in order to be authorized? The TPA-SSP draft allows the From domain to autonomously authorize a mailing-list signature as being valid. This draft even allows this third-party signature to be asserted as having authenticated the localpart@domain.

-Doug
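
The i=/g= relationship discussed in the message above, as an added example that is not part of the original post or of any DKIM implementation: it applies the RFC 4871 rules that the i= domain must be d= or a subdomain of it and that the key's g= value must match the i= local part, then shows which part of the local part only the wildcard covered. Function names and the sample addresses are constructed for illustration; case-sensitive local-part comparison is an assumption.

```python
# Added example. g= is a key-record tag in RFC 4871; RFC 6376 later removed it.

def split_identity(i_tag, d_tag):
    """Return (local_part, domain) of i=; a missing i= defaults to '@' + d=."""
    if not i_tag:
        i_tag = "@" + d_tag
    local, _, domain = i_tag.rpartition("@")
    return local, domain.lower()

def domain_in_scope(i_domain, d_tag):
    """The i= domain must equal d= or be a subdomain of it."""
    d = d_tag.lower()
    return i_domain == d or i_domain.endswith("." + d)

def granularity_matches(g_tag, local):
    """g= must match the i= local part; a single optional '*' matches any
    run of characters. An empty g= never matches."""
    if g_tag == "":
        return False
    if "*" not in g_tag:
        return g_tag == local
    prefix, _, suffix = g_tag.partition("*")
    return (len(local) >= len(prefix) + len(suffix)
            and local.startswith(prefix) and local.endswith(suffix))

def key_permits(i_tag, d_tag, g_tag="*"):
    """True when the key (d=, g=) may be used for the signing identity i=."""
    local, domain = split_identity(i_tag, d_tag)
    return domain_in_scope(domain, d_tag) and granularity_matches(g_tag, local)

def wildcard_span(g_tag, local):
    """Portion of a matching local part covered only by '*', i.e. the part
    the key itself does not pin down."""
    prefix, _, suffix = g_tag.partition("*")
    return local[len(prefix):len(local) - len(suffix)]

if __name__ == "__main__":
    # Constructed samples using the two g= patterns quoted in the message.
    for i_tag, g_tag in [("user+billing@example.com", "user+*"),
                         ("ceo-offer@example.com", "*-offer"),
                         ("admin@example.com", "user+*")]:
        local, _ = split_identity(i_tag, "example.com")
        ok = key_permits(i_tag, "example.com", g_tag)
        free = wildcard_span(g_tag, local) if ok else None
        print(f"i={i_tag} g={g_tag} permitted={ok} wildcard-covered={free!r}")
```

A passing check says only that the key was allowed to sign for that i= value; the wildcard-covered portion is whatever the signer chose to put there.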