ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Proposal: Removal of AUID (i= tag/value)

2011-04-04 18:06:16
Murray S. Kucherawy wrote:
-----Original Message-----
From: MH Michael Hammer (5304) [mailto:MHammer(_at_)ag(_dot_)com]

But creating a sub-domain, means that the from needs to match too,
Why?  That's an ADSP thing, not a DKIM thing.

I think his goal is to have it be a 1st party signature (From and d=
match) even absent an ADSP assertion. I'm not sure I agree that this is
just "an ADSP thing, not a DKIM thing". We don't publish ADSP yet I have
had receivers tell me that our doing this is useful to them.

In that case, it's neither.  DKIM doesn't make a binding between 
"d=" and anything else in the message (except "i=", sort-of). 

Sort of?

The difference is INVALID_SIGNATURE and thus NO_SIGNATURE results.

Anyone that tries to make a distinction between first party and 
not first party is doing something outside the scope of DKIM.

Until ADSP is not longer a chartered item or chair is arm twisted to 
officially shutdown the IETF WG Policy standardization efforts, it is 
still in scope to make that distinction.  Lets not forget about threat 
analysis RFC that warns us about anonymous and unauthorized mail 
signing streams and how policy is one solution to this security 
problem.  Even without Policy in the form of ADSP, when it is in the 
form of Trust is also POLICY concept. When you begin adding 
"independent trust assessment service" into DKIM scope and spec, this 
inherently introduces first vs third party distinctions.

A message stream, in the context of DKIM, should be evaluated 
based on the "d=" value, and nothing else.

We know this is the intent - trust the signer, trust the signer, trust 
the signer, and if you trust the the signer, nothing else matters,. 
But the unfortunately facts no matter how many times this mantra is 
rammed in, it still remains to be a very difficult concept to sell or 
prove that it the the only workable thing in town for evaluation.  The 
basic problem is a high potential for lack of consistent high quality 
outputs.  It is hard for any process in the world can get high quality 
output without having impurities filtering component.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>