ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] responsible identity != author identity != person

2009-01-28 18:57:47
from [John Levine] [Permanent Link] 
That kind of signing would prevent using i= for social networking,
because even if Grandma pays for the account (and thus the user_id
roughly identifies her), drunken Uncle Ernie lives in the basement
and sponges off her AOL subscription, and they'd both have the same
i= value.


But as you have surely seen, that happens even with a single mailbox
with a single address.  A fair amount of the correspondence my 12 year
old daughter exchanges with her classmates comes from what is clearly
a parent's address shared by the kid.  On my church mailing list,
there are plenty of addresses shared by husband and wife.

When an ISP provides multiple addresses there's no way for the ISP to
know whether they're Grandma and Ernie, or one address is Grandma's
address for the church potluck mailing list and the other is the one
for her leather'n'whips* list.  All the ISP knows is that whoever knows
Grandma's password controls all of her addresses, so as far as they
can tell, it's one identity.

On the other hand, as we get more extensive experience with DKIM, it
seems inevitable to me that we'll build up categories of useful
information that we can deduce from known signers.  For example, AOL
and Outblaze prevent their users from modifying the From: line, so you
know that if one of them signed a message, the From: address is a
stable identifier.  Yahoo might put one signature on their free web
mail, another signature on the paid ISP mail from Sympatico and BT,
and a third on employee mail, each using an i= that is stable per
signup or per employee.

It's not going to be as simple as some people would evidently like it to
be (in particular, i= will never be a reliable e-mail address), but DKIM
is a great tool on which we can build all sorts of useful identity and
reputation management stuff.

Now let's see if we can clarify once and for all that d= is the
identifier, and i= only means what the signer wants it to mean, so you
can only interpret it to the extent you recognize the signer.

R's,
John

* - Grandma's hobby is driving her horse cart, you pervert.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] RFC4871bis, Douglas Otis
Next by Date:  Re: [ietf-dkim] DKIM does not identify senders, and we have big semantic problems, Dave CROCKER
Previous by Thread:  [ietf-dkim] responsible identity != author identity (was Re: draft Errata on RFC 4871), J.D. Falk
Next by Thread:  Re: [ietf-dkim] responsible identity != author identity != person, Suresh Ramasubramanian
Indexes:  [Date] [Thread] [Top] [All Lists]