ietf-dkim

RE: [ietf-dkim] Seriously.

2008-01-23 09:39:52
From: sm(_at_)resistor(_dot_)net
At 10:40 22-01-2008, Siegel, Ellen wrote:
If you have an authentic claim of responsibility from a trustworthy 
party (as per #1), why should it matter whether that party is 
represented by the From: header or the Sender: header? And why, if 
the authenticated party in the Sender: field is trustworthy, should 
it be required that the From: domain is authenticated directly?

It doesn't matter if we trust that party, but see the example below.

If example.com is a bank and example.net is an ISP who is a 
trustworthy party, would you trust an email for which example.net 
claims responsibility if the From: shows an example.com author?


I think my answer would be that for this purpose the scope of trust we're 
discussing is VERY narrow. It is "Do I trust this party to sign mail on behalf 
of other domains?", not "Do I generally consider this domain trustworthy?". 
For the first question it is really unlikely that any ISP would meet that 
requirement for me given the fact that it would imply a level of control over 
their end users that would be very hard to meet. Even the best ISPs have to 
deal with people creating bogus accounts with stolen credit cards and customers 
whose accounts get compromised, and I am not aware of anyone who has come up 
with a completely effective way to proactively stop traffic from those accounts.

If ISPs were widely considered trusted third parties for purposes of signing 
mail I think it would push the need for more domains to express "strict" 
policies.

See RFC 5016, Section 3.2 (Problem Scenario 2: Illegitimate Domain Name Use).

Regards,
-sm
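As an added illustration of the distinction argued above (this is not code from the thread, nor from any DKIM implementation), the following Python sketch classifies an already-verified DKIM signature by whether its d= domain is the From: author domain or a third party, and then consults a hypothetical per-domain policy table. The table, the message samples and the policy names ("strict", "unknown") are constructed for the example; the "strict" entry for example.com stands in for the bank in the scenario, and example.net for the ISP. Cryptographic verification of the signature is assumed to have happened already; only the "who is vouching for whom" question is modelled.

```python
"""Classify a DKIM claim of responsibility relative to the From: author domain.

Added example; assumes the DKIM-Signature has already been verified cryptographically.
It answers only the narrower question debated on the list: does the signing domain
(d=) speak for the From: domain itself, or is it a third party (for example an ISP
signing a message whose From: names a bank)?
"""
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Hypothetical author-domain policy table (constructed for this example).
# "strict" means: accept only signatures made by the author domain itself.
AUTHOR_POLICY = {
    "example.com": "strict",   # the bank in the scenario
    "example.org": "unknown",  # publishes no policy
}


def dkim_signing_domain(raw_message: str) -> Optional[str]:
    """Return the d= tag of the first DKIM-Signature header, lower-cased, or None."""
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    # tag=value pairs are separated by ';'; folding whitespace may appear in values
    for tag in sig.split(";"):
        name, _, value = tag.partition("=")
        if name.strip().lower() == "d":
            return "".join(value.split()).lower()
    return None


def author_domain(raw_message: str) -> Optional[str]:
    """Return the domain part of the From: address, lower-cased, or None."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def classify(raw_message: str, policies=AUTHOR_POLICY) -> str:
    """Label the (verified) signature as seen from the author domain's point of view."""
    signer = dkim_signing_domain(raw_message)
    author = author_domain(raw_message)
    if signer is None or author is None:
        return "unsigned"
    if signer == author:
        return "author-signature"
    # A third party is vouching. Trusting the third party in general is not the
    # question; only the author domain's own policy decides whether that counts.
    if policies.get(author) == "strict":
        return "third-party-rejected-by-policy"
    return "third-party-signature"


# Constructed sample messages (signature values are placeholders, not real data).
BANK_VIA_ISP = (
    "From: Alice <alice@example.com>\n"
    "Sender: relay@example.net\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel;\n"
    "  h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: constructed sample\n\nbody\n"
)
BANK_SELF_SIGNED = BANK_VIA_ISP.replace("d=example.net", "d=example.com")
ISP_USER_VIA_ISP = BANK_VIA_ISP.replace("alice@example.com", "bob@example.org")
UNSIGNED = "From: Alice <alice@example.com>\nSubject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for label, sample in [("bank via ISP", BANK_VIA_ISP),
                          ("bank self-signed", BANK_SELF_SIGNED),
                          ("ISP user via ISP", ISP_USER_VIA_ISP),
                          ("unsigned", UNSIGNED)]:
        print(f"{label:18} -> {classify(sample)}")
```

The point the sketch makes concrete: the same example.net signature is acceptable as a claim of responsibility for an example.org user, yet is rejected for the example.com author, not because example.net is untrustworthy but because example.com has said it does not delegate signing to anyone.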

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
