On Jul 29, 2011, at 6:18 AM, Dave CROCKER wrote:
On 7/28/2011 12:34 PM, t.petch wrote:
But more importantly we have abolished the end-to-end principle. If I am
going
to benefit from improved security on e-mail, I want to from the originator to
me, not some half-way house giving a spurious impression of accuracy.
The end-to-end principle is often cited as an argument for any mechanism that
is not the end-nodes. I'm waiting for the day it is applied to a demand that
every user's computer, tablet and smartphone be directly connected to every
other one, so that we no longer suffer IP relaying by routers, since their
presence violates the end-to-end principle.
With respect to DKIM, the problem with your concern is that you appear to
misunderstand the function DKIM is performing. Since that's well-documented,
I suggest you review how it works and what it means. In case that's too much
effort, I suggest you take a look at:
The Truth About DKIM
<http://bbiw.net/presentations/DKIM%20Truth.pdf>
specifically slide 4. The left hand side includes a short list of common
mis-assumptions about DKIM's meaning, along with the one correct one. See
whether you know which is the right one.
DKIM is not my favorite protocol. But it's not like there haven't been several
efforts to define e2e authentication for email, including PEM, S/MIME, PGPMIME,
and several others whose acronyms I'm too lazy to look up at the moment.
Implementations of email clients that support e2e authentication are not hard
to find, and some people do use them. But they've never been widely used. I
don't blame the DKIM proponents for wanting to try a different deployment
model, for a different use case.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf