ietf-mailsig

Re: draft-delany-domainkeys-base-02.txt

2005-04-04 13:47:08

"Douglas" == Douglas Otis <dotis@mail-abuse.org> writes:

    Douglas> On Sun, 2005-04-03 at 21:07 -0400, Sam Hartman wrote:
    >> >>>>> "Douglas" == Douglas Otis <dotis@mail-abuse.org> writes:
    >> 
    >> Brief summary: we disagree a lot.
    Douglas> This mechanism is the only means to make the validation
    Douglas> of the local-part explicit.  It may not be reasonable, if
    Douglas> this causes a proliferation of user-keys beyond normal
    Douglas> capacity.
    >>  That's unclear to me.  I'm not sure whether current domainkey
    >> semantics say that the local part is validated.  If they do
    >> not, allowing a policy attribute to be attached to a signature
    >> saying that the local part is validated seems sufficient to
    >> address your concern.

    Douglas> To establish local-part assurances, a local-part
    Douglas> validated assertion within the key would provide an
    Douglas> alternative to binding the local-part with the key.  This
    Douglas> would address one aspect of my concerns.

That's not what I said.

    >> I disagree that it is desirable to discourage the use of
    >> per-user keys.  I disagree that it is acceptable for per-user keys
    >> not to validate a local part and will block any IETF document
    >> that attempts to do so.

    Douglas> The 'g=<local-part>' key mechanism is simply poor
    Douglas> practice, from the perspective of publishing local-part
    Douglas> addresses, and inappropriate DNS use.  Distributing
    Douglas> private-keys to a population of untrusted users, with
    Douglas> often questionable security, represents a sizeable
    Douglas> deployment barrier that DomainKeys can overcome by NOT
    Douglas> allowing.

I think we disagree at a fairly fundamental level here and I do not
believe repeating arguments at each other is going to change our
positions.  I think I understand your position fairly well now and I
greatly appreciate your help in doing so; I did not when we started.

Are there any areas of my position you want clarified?
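The 'g=' selector-record check that this exchange turns on, written out as an added example. This is not code from the draft, from the list, or from either participant. It assumes the selector TXT record syntax of draft-delany-domainkeys-base as I read it: semicolon-separated tag=value pairs, an empty 'p=' meaning a revoked key, and an optional 'g=' tag that must exactly match the local-part of the sending address (the later DKIM 'g=' wildcard is deliberately not honoured). The records and addresses below are constructed, not taken from any real zone.

```python
"""Check a DomainKeys selector record's g= tag against a sending address.

Added example; not code from the draft or the list discussion. Assumes the
selector-record syntax of draft-delany-domainkeys-base: semicolon-separated
tag=value pairs, an optional g= tag naming the exact local-part allowed to
use this key, and an empty p= meaning the key is revoked. All records below
are constructed placeholders, not real keys.
"""
from typing import Dict, Optional, Tuple


def parse_selector_record(txt: str) -> Dict[str, str]:
    """Split a TXT record like 'k=rsa; g=alice; p=...' into a tag dict.

    Whitespace around '=' and ';' is ignored. A tag appearing twice keeps
    its first value so a later duplicate cannot silently override it.
    """
    tags: Dict[str, str] = {}
    for field in txt.split(";"):
        field = field.strip()
        if not field:
            continue
        if "=" not in field:
            raise ValueError(f"malformed tag (no '='): {field!r}")
        name, value = field.split("=", 1)
        name = name.strip()
        if name and name not in tags:
            tags[name] = value.strip()
    return tags


def split_address(addr: str) -> Optional[Tuple[str, str]]:
    """Return (local_part, domain) for 'local@domain', or None if malformed.

    The local-part is kept verbatim (the draft's match is exact, so case
    matters); the domain is lower-cased because DNS names are case-blind.
    """
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return local, domain.lower()


def key_permits_sender(record: str, sending_address: str, key_domain: str) -> bool:
    """Decide whether this selector key may vouch for sending_address.

    - No or empty p=: the key is revoked, nothing verifies against it.
    - Sending domain must be the domain the selector was looked up under.
    - No g= tag: domain-wide key, any local-part is accepted.
    - g= present: the local-part must match it exactly. An empty g=
      therefore matches no address at all (assumed semantics).
    """
    tags = parse_selector_record(record)
    if not tags.get("p"):
        return False
    parts = split_address(sending_address)
    if parts is None:
        return False
    local, domain = parts
    if domain != key_domain.lower():
        return False
    granularity = tags.get("g")
    if granularity is None:
        return True
    return local == granularity


# Constructed selector records (placeholder p= values, not real keys):
# one domain-wide key, one per-user key bound to "alice", one revoked.
DOMAIN_WIDE = "k=rsa; p=QUJDREVGR0hJSktMTU5PUA=="
PER_USER = "k=rsa; g=alice; p=QUJDREVGR0hJSktMTU5PUA=="
REVOKED = "k=rsa; g=alice; p="


def demo() -> Dict[str, bool]:
    """Run the check over the cases the thread argues about."""
    return {
        "domain_wide_any_user": key_permits_sender(DOMAIN_WIDE, "bob@example.com", "example.com"),
        "per_user_match": key_permits_sender(PER_USER, "alice@example.com", "example.com"),
        "per_user_other_user": key_permits_sender(PER_USER, "bob@example.com", "example.com"),
        "per_user_case_differs": key_permits_sender(PER_USER, "Alice@example.com", "example.com"),
        "wrong_domain": key_permits_sender(PER_USER, "alice@attacker.example", "example.com"),
        "revoked": key_permits_sender(REVOKED, "alice@example.com", "example.com"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} {'PASS' if ok else 'FAIL'}")
```

The point of the check is the one Douglas and Sam are arguing over: without g= the key says nothing about the local-part, and only a g=-bound key (or an explicit assertion in the key, which this example does not model) lets a verifier conclude that the local-part was validated by the signer.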
