ietf-dkim
[Top] [All Lists]

[ietf-dkim] RFC4871bis: considering some guidelines to the effort

2009-03-20 13:48:31
Folks,

What is the scope of problems DKIM should try to protect against?

A DKIM signature means that whoever controls the DNS entry for the SDID is 
taking some responsibility for the message.  A random bad actor, out there in 
the wilds of the Internet, cannot use that SDID.

This is the core benefit of DKIM.

Then there is the question of controlling different employees, within the 
organization that owns the SDID.  Perhaps I'm authorized to do signing, but the 
janitor in my organization isn't.

Should a receiver that is validating a signature be asked to take on the burden 
of enforcing access rules within the signing organization?

Protecting against outside attacks is inherent in DKIM's goal.  Protecting 
against attacks or misbehaviors from within the domain owner's own organization 
strikes me as an inappropriate shifting of enforcement burden onto the 
recipient.

If the working group agrees, then we have an opportunity to simplify DKIM.

Similarly, there are some features that aren't getting used, and that are not 
showing any signs of getting used.  Dropping them also permits making DKIM 
substantially simpler.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>