
Re: Pre-picking one solution

2005-12-22 15:58:59

On Dec 22, 2005, at 12:06 PM, Frank Ellermann wrote:

Douglas Otis wrote:

DKIM should be seen as an aspect of the SMTP transport.

It could also work for news if we get the FWS canonicalization right.

Agreed. The presence of the signature should not impose limitations upon what content (email-address) is carried.


Schemes related to the email-address such as S/MIME or OpenPGP are designed to support email-address limitations.

Maybe they missed the point, mail without signature. A simple way to publish that all mails claiming to be from X are spam if they don't have X's signature. [ I'm just spamcop-ping 36 phishes claiming to be from my bank, hilarious ]

If the MTA or MUA cached assurances (binding) found in messages indicating this message should always be signed, then the only additional lookup needed would be to confirm continuation of the assurance when such message is found lacking the signature. The caching required to mitigate most abuse could be simply a list of domain names held within a local DNS zone. Once recognition at the MUA becomes widely deployed, caching at the MTA would be redundant and not needed.

For SSP, there is a policy search walking up DNS label trees for nearly each and every email received, and will likely lead to coercion to increase the number of domains publishing records. As an alternative, the recognition approach allows incremental deployment. For many domains, a closed-policy will be disruptive and yet an open-policy will likely damage their reputation. The binding approach does not incur the overhead, risk reputations, or require coercion to mitigate policy overhead.

-Doug




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
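
Added example, not part of the message above and not taken from any DKIM draft: a receiver-side sketch of the cached-binding idea, in which a lookup happens only when mail from a domain that previously asserted "always signed" arrives without a signature. The `Message` fields, the `confirm` callback (standing in for whatever query confirms the assurance) and the verdict strings are assumptions made for the illustration.

```python
# Added illustration; names and message fields are hypothetical.
from dataclasses import dataclass, field
from typing import Callable, Set

@dataclass
class Message:                 # constructed stand-in for a received mail
    domain: str                # domain the mail claims to come from
    signature_ok: bool         # a signature by that domain verified
    always_signed: bool = False  # hypothetical "binding" assurance in the mail

@dataclass
class BindingCache:
    # confirm(domain) -> bool is an assumed lookup asking whether the
    # domain's "always signed" assurance is still in force.
    confirm: Callable[[str], bool]
    bound: Set[str] = field(default_factory=set)
    lookups: int = 0

    def receive(self, msg: Message) -> str:
        d = msg.domain.lower()
        if msg.signature_ok:
            # Signed mail costs no lookup; learn the binding if asserted.
            if msg.always_signed:
                self.bound.add(d)
            return "signed"
        if d not in self.bound:
            # No assurance ever seen for this domain: nothing to check.
            return "unsigned-unknown"
        # Unsigned mail from a domain that promised to sign: the only
        # case that triggers a lookup.
        self.lookups += 1
        if self.confirm(d):
            return "unsigned-suspect"
        self.bound.discard(d)  # assurance withdrawn; stop expecting signatures
        return "unsigned-unknown"

def demo():
    still_bound = {"bank.example"}  # constructed: domains keeping their assurance
    cache = BindingCache(confirm=lambda d: d in still_bound)
    traffic = [                     # constructed sample traffic
        Message("bank.example", True, always_signed=True),
        Message("shop.example", True, always_signed=True),
        Message("other.example", False),
        Message("bank.example", False),   # unsigned mail claiming the bank
        Message("shop.example", False),   # shop.example withdrew its assurance
        Message("shop.example", False),
    ]
    return [cache.receive(m) for m in traffic], cache.lookups

if __name__ == "__main__":
    print(demo())
```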
