ietf-dkim
[Top] [All Lists]

[ietf-dkim] Issue 4871bis - DKIM Definition Separation of domains conflict

2010-08-16 15:40:09
Dave CROCKER wrote:

On 8/15/2010 6:25 PM, Daniel Black wrote:

rfc4781 Abstract - last sentence. Still abstract however this 
was a general lead-in discussion.

That's why the bis draft uses different language.  It's also why 
wg docs written aftr 4871 have been searching for better language.

In the current bif draft, it has:

Abstract

    DomainKeys Identified Mail (DKIM) permits a person, role, or
    organization that owns the signing domain to claim some
    responsibility for a message by associating the domain with the
    message.  This can be an author's organization, an operational relay
    or one of their agents.  DKIM separates the question of the identity
    of the signer of the message from the purported author of the
    message.  Assertion of responsibility is validated through a
    cryptographic signature and querying the signer's domain directly to
    retrieve the appropriate public key.  Message transit from author to
    recipient is through relays that typically make no substantive change
    to the message content and thus preserve the DKIM signature.

I have trouble with the 3rd separation sentence and the potential 
ignorance it presents by breaking the original responsible party.

What is the actual question does it separate?

     An association between the purported author and the signer?
     Is an authorization question?
     Does it absolve the responsibility of the original domain signer?

I don't think the raw DKIM-base document should be making any 
conclusion about that it intends to separate or absolve by moving the 
responsibility to that of the signer.

I propose that a better wording be used or even removal of the 3rd 
(separation) sentence in entirety. I think the first two sentences are 
good enough. Its pretty straight forward - the signer is responsible.

By having it, it implies that those using the DKIM-BASE implementation 
can effectively 100% ignore the original responsible domain own 
signature without technical and even possibly legal repercussions.

If ASDP is going to happen or have any hope of happening, DKIM-BASE 
needs to have some semantics that this separation is not CUT and DRY.

I don't think a reference to POLICY needs to be made, but only focus 
on the idea that the LAST SIGNER is the responsible party.


-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>