On Mon, 2004-12-13 at 09:12, Robert Barclay wrote:
On Thurs, 2004-12-09 at 2:19 PM Douglas Otis wrote:
On Thu, 2004-12-09 at 11:50, wayne wrote:
Michael Thomas <mike(_at_)mtcc(_dot_)com>> writes:
So it seems that a lot of people are taking it as axiomatic
that a Sender: signature provides some utility.
Personally, I see very little utility in protecting the Sender:
header, and far far less in protecting the Resent-* headers. I see a
lot of utility in protecting the From: header, the envelope from
(2821.MAILFROM), and the HELO domain.
How does this get deployed? The From is a function of the Originator
and can be a domain independent of the Submitter domain.
I actually see this as an advantage for signatures on the From rather than a
disadvantage. In the case where the Sender and From domains are identical
there is obviously no problem with key distribution. In cases where
businesses have relationships which allow real authorized mail using their
domain to be sent from outside of the administrative domain this gives them
a clear way to express that authorization and accountability for that use of
their domain.
Obviously, private keys could still be used in Submitters of those so
authorized. A desire to distribute authorization in this manner is not
inhibited by the use of Submitter. The number of private keys
distributed in the case of the Submitter are much fewer than to
Originators.
The owner of a domain is likely only going to accept accountability
for mail sent through domains with which they have some type of
relationship. If the key verification requires a query against the
domain owner and the keys are distributed by the domain owner to all
sources they accept accountability for (which likely would include
things like third parties who mail on their behalf, the MTA's of
traveling salesmen, in addition to their own MTA's) then we would have
a pretty complete list of everyone that domain owner has taken
positive steps to indicate as an authorized Submitter for their
domain.
The private key is the means of distributing authority and has no other
relationship to the source of the message. If based upon the Submitter,
a traveling salesman will likely use a submission port or a VPN to
exchange messages, if signed by their company. This also allows the
company to track their signed communications, which is becoming a
growing legal requirement.
You have not addressed how private keys would be distributed to the
Originator as apposed to the Submitter. If so, how many more keys will
then need to be tracked, revoked and verified? How many more components
will need to change?
Again, there are already methods of distributing keys to the
Originator. Why do you think this has not gained greater use? By
limiting the signature function to the Submitter, the issue of keys
becomes much simpler to administer and deploy, and offers greater
control in its use.
-Doug