
[ietf-dkim] Author Signature vs. Author Domain Signature / Internal vs External threats

2009-04-02 11:22:26


Jim Fenton wrote:
The correct test case is:

From someone@foo.example
Valid signature from ietf-examples@foo.example
...
At this point, the mailing list manager would normally sign the
message.  Let's examine this with the i= and d= choices:

Using i= as the basis for Author Signature, the list can sign the
message, and the eventual verifier/assessor that does an ADSP check will
see that it (still) lacks an Author Signature since
ietf-examples@foo.example does not match someone@foo.example.

Using d= as the basis for Author Signature, if the list signs the
message, an eventual verifier/assessor will erroneously see that
signature as an Author Signature, and therefore might not give the
message the desired treatment.  


I think there are two sources of confusion for this round of ADSP discussion.

The first is that the term "Author Signature" encourages one to think that DKIM 
is used to sign with the full author email address, rather than with the 
/domain/ of the author's address.  We fixed that error in the name of the 
document, but forgot to carry it through to the details of the spec.

DKIM is about domains, not email addresses.  And that's all ADSP should be. 
Using i= encourages this confusion.  Using "Author Signature" rather than 
"Author Domain Signature" also encourages it.

The second is whether a receiver should be asked to enforce controls for usage 
by folks /within/ the originating domain's span of control.  It's one thing to 
worry about unauthorized use by someone /outside/ of the owning domain's 
control, but quite another to ask a receiving system to help keep the owning 
domain's own house clean.

If the domain owner cannot exert enough administrative control to keep 
signatures for mailing lists separate from signatures for authors, then that's 
the owner's problem.  It shouldn't be the receiver's.

The same applies for one author vs. another, within the same domain.


The specification and semantics of ADSP get simpler, cleaner and properly 
scoped, when d= is used.  Using i= really does invite a complex of issues that 
should be outside the scope of DKIM and ADSP.

Use d=.

d/

ps.  That includes dropping the "ADSP is incompatible" note.

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
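To make the quoted test case concrete, here is an added example (not from the thread, and not any DKIM implementation's code) that applies both candidate rules to the list-signed message; the header values are constructed, and cryptographic verification of the signature is assumed to have already succeeded.

```python
"""Added illustration of the i= vs d= question for ADSP "Author Signature".

Assumptions (not from the thread): the signature already verified, and the
DKIM-Signature value is a plain RFC 4871 tag=value list. No DNS, no crypto.
"""
import re


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into a dict of tag -> value."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    # RFC 4871 default when i= is absent: "@" followed by the signing domain.
    if "i" not in tags and "d" in tags:
        tags["i"] = "@" + tags["d"]
    return tags


def address_domain(addr):
    """Domain part of an address such as someone@foo.example, lowercased."""
    return addr.rsplit("@", 1)[1].lower()


def is_author_sig_by_i(from_addr, tags):
    """i= basis: the signing identity must equal the full From address."""
    return tags.get("i", "").lower() == from_addr.lower()


def is_author_sig_by_d(from_addr, tags):
    """d= basis: the signing domain must equal the domain of the From address."""
    return tags.get("d", "").lower() == address_domain(from_addr)


# Constructed test case from the thread: the author posts from foo.example and
# the list manager re-signs with its own identity in the same domain.
FROM_ADDR = "someone@foo.example"
LIST_SIG = ("v=1; a=rsa-sha256; d=foo.example; i=ietf-examples@foo.example; "
            "s=list; h=from:subject:date; bh=constructed; b=constructed")


def evaluate(from_addr=FROM_ADDR, sig=LIST_SIG):
    """Return whether each rule treats the signature as an Author Signature."""
    tags = parse_dkim_tags(sig)
    return {"i_basis": is_author_sig_by_i(from_addr, tags),
            "d_basis": is_author_sig_by_d(from_addr, tags)}


if __name__ == "__main__":
    print(evaluate())  # i= basis rejects the list signature, d= basis accepts it
```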