ietf-dkim
[Top] [All Lists]

[ietf-dkim] NEW ISSUE: Signature semantics

2007-12-09 10:27:04


6. Signature Semantics

DKIM was devised to provide a means of declaring an (organization's) identity
that is taking "responsibility" for placing a message into the transit stream.
This is a very constrained semantic for the signature, and really pertains to
no more than a delivery decision.

In reviewing the apparent semantics of full SSP use, I believe it seeks to
move a DKIM signature, which uses the same domain name as is in the From
field, into the realm of declaring content to be valid.  This is a much more
demanding semantic and, I believe, moves the DKIM/SSP service into direct
competition with S/MIME and PGP.  At best, this seems entirely ill-advised.
At the least, it is considerably more ambitious than the initial functions
discussed for SSP.  For an initial version of a standard, more ambitious means
more risky.


To the extent that the above is not sufficiently clear:

As discussion on the mailing list this past week has made clear, there is continuing working group disparity about the semantics of using DKIM, with or without SSP. The use of SSP's handling options clearly moves things into statements about message content. This exceeds the semantics for which DKIM was designed. See, for example:

   <http://mipassoc.org/pipermail/ietf-dkim/2007q4/008136.html>

Before SSP can be stabilized the working group must reach consensus on basic issues of semantics for the mechanism.

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html