ietf-mailsig
[Top] [All Lists]

dkim support for identity "assessment" mechanisms

2005-07-27 11:03:26

Folks,

Once one has validated (authenticated) a signature, the fun really begins: The 
agent doing the authentication gets to *use* the validated identity for 
performing some sort of assessment, such as whether the validated identity is a 
"safe" sender of email.

Under the general category of identity "assessment", there already are multiple 
groups publishing reports and it appears that the numbers will grow.  
Terminology for this topic has not yet stabilized and some terms are even used 
ambiguously, but some consistent usage is emerging:  

A simple partitioning is between 

  1. those publishers who assess historical behavior, making statements about 
the "reputation" of the signer, and

  2. those who work with the signer to ensure that the signer conforms to 
standards that are specified and enforced by the agent publishing the 
assessment; this is called "accreditation".

One view of DKIM is that its sole, near-term purpose is to provide an accurate 
and reliable identity to be assessed.  However DKIM, itself, is not designed to 
perform or report assessments.

Still, there is clearly group interest in considering at least the relationship 
between DKIM and assessment mechanisms that might use it, and possibly to 
specify some aspect of DKIM usage with these mechanisms.

In that context, some obvious questions are:

What support for assessment mechanisms is required for the core DKIM mechanism? 

What support for extensible support (and, yes, that's recursive) of assessments 
is needed?

Other questions are encouraged.


  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net



<Prev in Thread] Current Thread [Next in Thread>