ietf-dkim

Re: [ietf-dkim] DKIM Key Sizes

2016-10-28 07:30:27
Hi, Eliot,

On 28-10-16 14:02, Eliot Lear wrote:
Hi Jon,

On 10/28/16 12:29 AM, Jon Callas wrote:
I'd like to suggest that it may be a good idea to increase the upper
value to 4096 or even 8192, to ensure that the standard is compatible
with best practices going forward.

I don't object to increasing it in the standard, but operationally I
don't think it's a good idea. Per-message processing cost is one
reason, but the larger one is the semantic value of a DKIM signature,
and what it is trying to do.

DKIM is a conversation between two administrative domains, and a
signature only states that an administrative domain is taking
responsibility for placing the message in the message stream. Nothing
more.

I really don't get your point.  Either the thing is worth signing or it
isn’t.  See below.

That assurance comes at a cost of whatever integrity that assigns to a
message that might have been unintended. That message integrity is a
privacy loss by the users.

The real-world case in point is the leaked Podesta emails, where some
people have asserted that authenticity can be checked via the DKIM
signatures. I've raised an eyebrow on that, and the bottom line is
that you're presuming that attackers were sophisticated enough to
steal the email, yet unsophisticated enough that stealing the DKIM key
from an MTA is out of the question.

If it’s the same conversation I was engaged in, I think the person was
just confused.  A simpler approach to plausible deniability is simply
not to sign.

An end user often cannot choose to sign or not to sign. The end user is dependent on what the ESP or the employer's organization configures. Well, of course one could change ESP... But changing employer is quite a step ;-)

/rolf


_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
