RE: DKIM: key identification and shared keys


Amir,

        I agree that there is likely to be a useful performance
improvement from the use of shared keys between the major email
providers.

However there are also good reasons for postponing the introduction of a
symmetric key mechanism:


1) As a practical matter a symmetric key signed email is not going to be
compatible with forwarding schemes except in the case that the origin
signature is a public key signature and the symmetric key signature is
from the forwarder.

1a) For this reason I don't think that the mechanism is workable unless
you have an accreditation scheme so that when an email has only the
signature of a forwarder a recipient can know 'oh yes I can trust that
despite the lack of the signature because the forwarder can be trusted
to check signatures on incomming messages'.

2) If we did want to go that way the obvious architectural approach
would be to use a PKI based key establishment protocol. We could either
roll our own here or more likely we would be looking at using the WS-*
stack as a ready built solution. Unfortunately the WS-* stack is not yet
in standards track.

3) This is a performance enhancement not a functionality improvement. If
we do see a major problem with DDoS attacks it is going to be against a
small number of very large email providers. It would not be difficult to
introduce an ad-hoc shared key scheme as an emmergency measure if
necessary. We are not talking about a major architectural re-design. We
introduce a new q scheme and selectors become Kerberos keys. 

4) This is a case where I am very confident that the transition
mechanism can work effectively. Essentially what we would need to do is
introduce an email reciever policy that declares an option to use a
symmetric key establishment protocol. Senders would have some internal
threshold such that they look to see if using the symmetric key
mechanism is possible if more than a certain percentage of email is
going to that destination.

5) The reason that DKIM is generating momentum that previous proposals
have not is that Yahoo and Google are effectively demonstrating that it
is possible to sign every outgoing mail even for the very largest email
providers. The value of that demonstration is weakened if it becomes
known that mail exchanged between the major providers is using a
separate symmetric keyed protocol.

<Prev in Thread]	Current Thread	[Next in Thread>
DKIM: key identification and shared keys, Amir Herzberg Re: DKIM: key identification and shared keys, Michael Thomas Re: DKIM: key identification and shared keys, Jim Fenton Re: DKIM: key identification and shared keys, Amir Herzberg Re: DKIM: key identification and shared keys, Eric Allman RE: DKIM: key identification and shared keys, Hallam-Baker, Phillip <=

Previous by Date:	Re: Proposals Re: DoS and Replay protection for message signatures, Amir Herzberg
Next by Date:	RE: Will user-keys cause DNS cache to explode?, Hallam-Baker, Phillip
Previous by Thread:	Re: DKIM: key identification and shared keys, Eric Allman
Next by Thread:	Fw: conduct on the list, Hector Santos
Indexes:	[Date] [Thread] [Top] [All Lists]