Re: [ietf-dkim] brand protection, was Is anyone using ADSP?
2009-10-14 13:48:53
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of hector
Sent: Wednesday, October 14, 2009 7:20 AM
To: dcrocker(_at_)bbiw(_dot_)net
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] brand protection, was Is anyone using ADSP?

A DKIM signature says nothing about "origination". A signature is typically by
an organization that handles the message, but it need not be the originator or
even a sender. An independent trust service, such as Goodmail, could sign it,
for example.

So are you saying that all receivers should whitelist goodmail.com
dkim-signature: d=goodmail.com ....?
regardless of what the Author Domain has declared for ADSP?
Should we take for granted that the author domain has paid GOODMAIL.COM to
certify its mail?
Conversely, what happens when mail from author domain does not arrive with
GOODMAIL.COM signatures?
How does the receiver handle this?

You're trying very hard to infer something that was not stated or implied in
either what Dave said above or in the specs themselves.

In general, people are trying very hard to infer something from DKIM signatures
and from ADSP that simply can't be safely inferred from the protocols as they
have been defined so far.

The simple answer to the question is: "We don't know yet." I'm sorry that this
is the case, and I do understand that it's frustrating, but right now that's
where we are.

Some constructive work would be really helpful here rather than all this
fist-pounding and finger-pointing that only serves to degrade things further.

I for one would love to either write or see a draft that provides a third-party
version of ADSP (FDSP, "F" for "forwarding"? LSP for "list signing
practices"?) that considers the general list and forwarder cases, including
discussion of possible attacks and why the proposal is resilient to them. TPA,
for example, proposes an idea for authorizing third-party signatures where the
third parties are known a priori, but thus doesn't cover mail through a list
some user might want to use that signs/resigns. DSAP is something closer to
useful in the general case but is in need of examples and something more than
an outline in the area of security considerations, thus demonstrating its
usefulness.

I would happily implement either or both as experiments if there's even partial
consensus that they are potentially workable solutions.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
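
Added illustration, not part of the original message or of any poster's code: a sketch of how an ADSP check (result names as in RFC 5617) treats the d=goodmail.com case raised in the thread, showing that only a valid signature whose d= equals the Author Domain affects the outcome. The domains bank.example and shop.example, the record table and the function names are assumptions made for the example; signature verification and DNS lookups are stubbed, and the nxdomain and error results are left out.

```python
# Added illustration; not code from the thread. Signature verification and DNS
# are stubbed: each signature carries a pre-computed "verified" flag, and ADSP
# records come from a constructed dict instead of _adsp._domainkey TXT lookups.
from email.utils import parseaddr

ADSP_RECORDS = {  # constructed sample data (hypothetical domains)
    "bank.example": "dkim=discardable",
    "shop.example": "dkim=all",
}


def sdid(dkim_signature_value):
    """Return the d= tag (signing domain) of a DKIM-Signature header value."""
    for tag in dkim_signature_value.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "d":
            return value.strip().lower()
    return None


def adsp_result(from_header, signatures):
    """Evaluate ADSP for one message.

    signatures: list of (DKIM-Signature header value, verified_ok) tuples.
    """
    author_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    # Only a valid signature whose d= equals the Author Domain counts;
    # valid third-party signatures are ignored by this check.
    if any(ok and sdid(sig) == author_domain for sig, ok in signatures):
        return "pass"
    record = ADSP_RECORDS.get(author_domain)
    if record is None:
        return "none"  # no ADSP record published
    practice = record.partition("=")[2].strip()
    return {"all": "fail", "discardable": "discard"}.get(practice, "unknown")


if __name__ == "__main__":
    third_party = ("v=1; a=rsa-sha256; d=goodmail.com; s=sel", True)
    own = ("v=1; a=rsa-sha256; d=bank.example; s=k1", True)
    print(adsp_result("Alice <alice@bank.example>", [third_party]))
    print(adsp_result("Alice <alice@bank.example>", [own, third_party]))
```

The valid d=goodmail.com signature neither satisfies nor overrides the Author Domain's published practice here; what a receiver should do with it is outside what this check expresses.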