On Nov 27, 2007, at 10:17 AM, Dave Crocker wrote:
Folks,
This note is about an old topic that seems to remain unresolved. I'm
posting it to see where the working group is on the matter:
Mechanisms like OpenPGP and S/MIME essentially validate the
authenticity of content. DKIM does not. For example, a DKIM
signature does not contain the semantics that claim that the From
field is correct, never mind that it does not distinguish between
"brands" such as are often implied by the display string in the From
field, versus the email address in it.
Rather, DKIM's task is to allow an organization to say that it has
some responsibility for the message; that is, come to them if there
is a problem.
In looking at the range of features that have been added to SSP, I
keep thinking that this distinction is not clear. It seems to me
that there is a tendency to want to build "the content is valid"
mechanisms into SSP.
Thoughts?
The DKIM base provides weakly defined i= semantics. SSP could
strengthen these assertions.
Nevertheless, efforts at assurances regarding even localpart@domain
validation or authentication are dangerous. Visible content and
internationalized versions of an email-address should not be assumed
properly recognized by recipients.
The TPA-SSP draft handles an identity validation assertion decision
and allows it to be either dropped or strengthened.
The DKIM signature i= semantics can restrict use of the key. Some
will view this semantic as authenticating the associated localpart.
Of course the key g= "user+*" or "*-offer" wildcarding makes it _very_
difficult to then communicate which components of the localpart (if
any) are asserted as being authenticated.
There are many gray areas that could be strengthened by an SSP
assertion. The TPA draft attempts to illustrate how this might be
done. The "-i" suffix on a scope declaration was an attempt to
replicate the i= DKIM base semantics for third-party domains.
The exchange of keys or the delegation of domains is either not safe
or does not scale.
How would an organization authorize a mail-list? Would the mail-list
need to add a secondary signature for every From domain in order to be
authorized? The TPA-SSP draft allows the From domain to autonomously
authorize a mailing-list signature as being valid. This draft even
allows this third-party signature to be asserted as having
authenticated the localpart@domain.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
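
The g= wildcarding point in the message above, as an added example that is not part of the original post or of any DKIM implementation: it applies the RFC 4871 rule that a key's g= value must match the local part of i=, with a single optional "*", and reports which characters the key actually pins down. The function names and sample addresses are constructed for illustration.

```python
def split_granularity(g):
    """Split a key record's g= value into (prefix, suffix, has_wildcard).

    Returns None for an empty g=, which never matches any address.
    """
    if g == "":
        return None
    if g.count("*") > 1:
        raise ValueError("g= permits at most one '*' wildcard")
    if "*" not in g:
        return (g, "", False)
    prefix, suffix = g.split("*")
    return (prefix, suffix, True)


def check_identity(g, identity):
    """Match the local part of i= against g=.

    Returns a dict with:
      match         - True if the key may sign for this identity
      fixed         - (prefix, suffix) literally constrained by the key
      unconstrained - substring covered by '*', i.e. not pinned by the key
    """
    localpart = identity.rpartition("@")[0]  # "@example.com" gives ""
    parts = split_granularity(g)
    if parts is None:
        return {"match": False, "fixed": None, "unconstrained": None}
    prefix, suffix, wild = parts
    if wild:
        ok = (len(localpart) >= len(prefix) + len(suffix)
              and localpart.startswith(prefix)
              and localpart.endswith(suffix))
        free = localpart[len(prefix):len(localpart) - len(suffix)] if ok else None
    else:
        ok = localpart == prefix
        free = "" if ok else None
    return {"match": ok, "fixed": (prefix, suffix), "unconstrained": free}


if __name__ == "__main__":
    # Constructed sample identities, not taken from the thread.
    for g, i in [("user+*", "user+lists@example.com"),
                 ("*-offer", "spring-offer@example.com"),
                 ("user+*", "admin@example.com"),
                 ("*", "@example.com")]:
        print(g, i, check_identity(g, i))
```

A verifier that only records pass or fail loses the `fixed`/`unconstrained` split, which is the information a recipient would need in order to know which components of the local part the key restricted.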