On Mon, 2004-11-22 at 14:47, Dave Crocker wrote:
On Mon, 22 Nov 2004 14:33:17 -0700, Robert Barclay wrote:
say that my goal for this service is to provide a mechanism for the
domain of a message author to provide an assertion that they authorized
the sending of a specific message.
this sounds good to me. would others care to comment?
it occurs to me that the precise meaning of your statement might
actually go farther than we want, since it implies per-message
assessment by the domain owner.
perhaps a bit of tuning?
something like "the domain of the message author has authorized the
message author to send messages under the domain"?
Goal:
Provide an authentication method using a digital signature to establish
an associated mailbox or mailbox-domain as originating the message.
The presents of this signature is not sender authorization, as there is
no control when and where the message is sent, unless a mail policy can
be applied. Wording of sender authorization implies the mail-channel or
a global policy is somehow included.
Should these implications be handled as a separate goal?
it doesn't flow trippingly off the digits, but it's probably closer to
reality.
There are also some other goals that I think make this different than
PGP or S/MIME. For example I think it is a goal of this system to avoid
impacting the MUA display while for S/MIME and PGP the goal is
specifically to display the authentication to MUA's.
there seems to be consensus for mass requiring no MUA changes. i've
never been aware of an mua related 'design goal' for pgp or s/mime.
While the goal should consider the impact upon non-modified MUAs, there
are considerations appropriate when the signature is made robust. The
ability to reject messages that appear to have been signed but fail
depends largely upon the robust nature the signature. I fear this will
become the norm for spammers if the signature is not robust.
-Doug