ietf-mailsig

Re: draft-delany-domainkeys-base-02.txt

2005-04-02 21:32:29

Sorry for the delayed response. imc.org was ignoring my posts - even though I'm
a subscribed member.


--- Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

There is some redundant information within domainkeys.

http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-02.txt

I assume the following is saying the sending domain has confirmed the
user is entitled to use the local-part of either the Sender or From
header.

No. It's saying that selector can only be used with an email that contains that
localpart.


|The current valid tags are:
|
|   g = granularity of the key. If present with a non-zero length
|       value, this value MUST exactly match the local part of the
|       sending address. This tag is optional.

|Finally, DomainKeys is only intended as a "sufficient" method of
|proving authenticity. It is not intended to provide strong
|cryptographic proof about authorship or contents. Other technologies
|such as GnuPG and S/MIME address those requirements.

This statement contradicts the g= feature intended to do just that,

Not if you view g= as constraining the use of the selector to that localpart.
The idea is to give such selectors to out-sourced email marketers so that they
can only use, eg, sales(_at_)mail-abuse(_dot_)org and so that they cannot use any other
localpart in that space.

Such a selector/private key could easily be distributed to multiple email
marketers who aren't localpart authenticated in any sense.

I admit to not being happy with:

http://www.ietf.org/internet-drafts/draft-kucherawy-sender-auth-header-00.txt


Murray has had a paucity of feedback so why not help him out and make yourself
happy at the same time?


Mark.
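
The g= constraint discussed in the message above, as an added example (not part of the original post and not code from the draft). The function names, the example.org addresses and the placeholder p= value are assumptions made for illustration, as is reading "exactly match" as a case-sensitive comparison.

```python
# Added illustration of the g= (granularity) check; not code from the draft.

def parse_key_record(txt):
    """Parse a 'tag=value; tag=value' selector key record into a dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip()] = value.strip()
    return tags


def local_part(address):
    """Return the local part of an address of the form 'local@domain'."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an address: {address!r}")
    return local


def granularity_allows(key_record_txt, sending_address):
    """True if the selector may be used with this sending address.

    g= absent or empty: no restriction. Otherwise the local part must
    match exactly (assumption: compared case-sensitively).
    """
    g = parse_key_record(key_record_txt).get("g", "")
    if g == "":
        return True
    return local_part(sending_address) == g


# Constructed sample records; the p= value is a placeholder, not a real key.
RESTRICTED = "k=rsa; g=sales; p=PLACEHOLDER_PUBLIC_KEY"
UNRESTRICTED = "k=rsa; p=PLACEHOLDER_PUBLIC_KEY"

if __name__ == "__main__":
    for rec, addr in [(RESTRICTED, "sales@example.org"),
                      (RESTRICTED, "postmaster@example.org"),
                      (UNRESTRICTED, "postmaster@example.org")]:
        print(addr, "->", granularity_allows(rec, addr))
```

The check takes only the key record and the sending address, so every holder of the selector's private key passes it for the sales local part; it limits which address the selector can be used with, not who used it.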

