On Tue, 2005-03-29 at 17:18 -0800, Dave Crocker wrote:
Is it prudent for domainkeys to attempt making assurances for the local-
part of the mailbox address? Not accommodating this local-part assurance
(via individual keys), would acknowledge domainkey's relative weakness in
terms of its ability to scale in this manner.
this is a transit validation mechanism, not a full-fledged legal signature
mechanism.
the nature of the 'assurances' being offered are intentionally minimal. the
purpose of the finer-grained keys has more to do with management than it does
with making strong assurances about the purported author.
I understand the intent. To permit bulk mail sent on behalf of
example.com, they setup a key such as 'g=sales' for some third-party to
use as sales(_at_)example(_dot_)com(_dot_) The unintended consequence is that
also
provides a greater assurance of the local-part than normal. This may
encourage use of per-user keys to obtain this 'assurance.'
An alternative would be to isolate such mail into a sub-domain, as
example sales(_at_)third-party(_dot_)example(_dot_)com(_dot_) Perhaps there
would be an
explicit indication that the local-part for this domain is not
'assured' (as a type of second class mail). For the local-part to be
assured, it would then be sent through their servers where keys have an
explicit means to indicate such an assurance. The explicit key
assertion, such as 'l=y' within the key, would then not require nor
encourage per-user keys.
-Doug