Folks,
What is the scope of problems DKIM should try to protect against?
A DKIM signature means that whoever controls the DNS entry for the SDID is
taking some responsibility for the message. A random bad actor, out there in
the wilds of the Internet, cannot use that SDID.
This is the core benefit of DKIM.
Then there is the question of controlling different employees, within the
organization that owns the SDID. Perhaps I'm authorized to do signing, but the
janitor in my organization isn't.
Should a receiver that is validating a signature be asked to take on the burden
of enforcing access rules within the signing organization?
Protecting against outside attacks is inherent in DKIM's goal. Protecting
against attacks or misbehaviors from within the domain owner's own organization
strikes me as an inappropriate shifting of enforcement burden onto the
recipient.
If the working group agrees, then we have an opportunity to simplify DKIM.
Similarly, there are some features that aren't getting used, and that are not
showing any signs of getting used. Dropping them also permits making DKIM
substantially simpler.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html