ietf-mailsig
[Top] [All Lists]

RE: one more time: agreeing on the basic goal of MASS

2004-11-30 09:48:04


-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Dave Crocker
Sent: Sunday, November 28, 2004 5:51 PM
To: Dave Crocker; Robert Barclay; 'ietf-mailsig'
Subject: RE: one more time: agreeing on the basic goal of MASS



  >  say that my goal for this service is to provide a mechanism for
the
  >  domain of a message author to provide an assertion that they
authorized
  >  the sending of a specific message.
...
  it occurs to me that the precise meaning of your statement might
actually
  go farther than we want, since it implies per-message assessment by
the
  domain owner.

I should explain where my concern about "per-message assessment" came
from:
The reference to "a specific message" means that each message is
authorized.
The problem word is "specific".  For per-message authorization to mean
anything, it has to imply per-message assessment.

So I suggest that the language should be modified a bit:

      A validated MASS signature means that the domain listed in the
RFC2822.Sender(*)
      header has authorized the sender to post messages under its
domain.
The domain
      is accountable for mail that it validates.

      (*)The RFC2822.From header serves the role of the Sender
specification, when the
          RFC2922.Sender header is not present.

This sounds good to me. It still does not seem, in any practical way, to
restrict what the signature means outside of the context of the specific
message a receiver is evaluating, but also does not imply that the
authorization is necessarily evaluated per message. In general I would
like to find a way to say that to communicate that the RFC2822.Sender
domain has authorized this message you are currently evaluating while
saying as close to nothing about how individual domains may approach
deciding who or what is authorized as possible.




On 23 Nov 2004 06:13:16 -0000, John Levine wrote:
  I find it helpful to remind people that the result of any
  authentication scheme is only that you know who to blame for the
  message, not whether a message is spam,

Exactly.  And that's what I mean by the accountable, above.

I agree also. I think this point is one that makes it crucial that the
signature NOT survive any significant semantic change. I for one have no
desire to accept accountability for messages whose content was altered
after I sent them.

Robert







<Prev in Thread] Current Thread [Next in Thread>