Re: revised Proposed Charter



On Jul 25, 2005, at 2:15 PM, Earl Hood wrote:


At the data level, S/MIME and DKIM (or similiar-type proposals)
are different.  For example, S/MIME does not deal with arbitrary
header fields, only the MIME Content- ones to protect the integrity
of the body.  I.e. S/MIME deals with the body part while DKIM and
others try to deal with the message as a whole (or in select
parts).

From a usage model perspective, S/MIME implies, "I have some
data I want to sign/encrypt using email as my transport."  While
DKIM and others imply, "I have an email message that I want
to sign to verify the sender and content."  See the difference?
One is at the MIME entity level while the other is at the
message level.

The major difference I see is that S/MIME signatures appear as anattachment, rather than hidden within headers. The identities' emailaddress within the certificate can be compared against the header'smailbox addresses. The 'From' and 'Subject' can be repeated withinthe message body if desired. While S/MIME attempts to minimizeheaders dependence, with a greater focus upon the message bodyitself, there is not a great difference between these two schemeswith respect to what is protected. The great difference is how keysare obtained. I would not conclude any great benefit derived byincluding often problematic visible headers, which remain optionalfor DKIM.

To use a CA of any sort, the sender needs to obtain a certificatefrom a CA trusted by the recipient's email handling application.This process involves both initial and ongoing costs to establish theexchange of these certificates. This results in a technology harderto deploy where end-users do not appreciate this added securitycompared to the cost. If there is a desire, I think there must besome better reasons given why S/MIME does not address this need.

As for "wide use of an authentication scheme suitable for the exchange
of email." as DKIM is currently defined, I do not think it can achieve
that goal (and I have raised my concerns in past emails and looking
forward to the next draft revision, including the next revision
of SSP).


I too have concerns, but feel these can be addressed.

-Doug

<Prev in Thread]	Current Thread	[Next in Thread>
Re: revised Proposed Charter, (continued) Re: revised Proposed Charter, Earl Hood RE: revised Proposed Charter, James Scott Re: revised Proposed Charter, Dave Crocker Re: revised Proposed Charter, william(at)elan.net Re: revised Proposed Charter, Earl Hood RE: revised Proposed Charter, Dave Crocker RE: revised Proposed Charter, James Scott Re: revised Proposed Charter, Michael Thomas Re: revised Proposed Charter, Douglas Otis Re: revised Proposed Charter, Earl Hood Re: revised Proposed Charter, Douglas Otis <= Re: revised Proposed Charter, Earl Hood RE: revised Proposed Charter, Hallam-Baker, Phillip RE: revised Proposed Charter, Hallam-Baker, Phillip Re: revised Proposed Charter, Michael Thomas Re: revised Proposed Charter, Ned Freed RE: revised Proposed Charter, Hallam-Baker, Phillip RE: revised Proposed Charter, Hallam-Baker, Phillip RE: revised Proposed Charter, Hallam-Baker, Phillip RE: revised Proposed Charter, Dave Crocker RE: revised Proposed Charter, Hallam-Baker, Phillip

Previous by Date:	RE: revised Proposed Charter, James Scott
Next by Date:	RE: QUERY: Key Server Choices, James Scott
Previous by Thread:	Re: revised Proposed Charter, Earl Hood
Next by Thread:	Re: revised Proposed Charter, Earl Hood
Indexes:	[Date] [Thread] [Top] [All Lists]