ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 08:26:01
from [t.petch] [Permanent Link] 
---- Original Message -----
From: "Dave CROCKER" <dhc2(_at_)dcrocker(_dot_)net>
To: <ietf(_at_)ietf(_dot_)org>
Sent: Friday, July 29, 2011 12:18 PM


On 7/28/2011 12:34 PM, t.petch wrote:

But more importantly we have abolished the end-to-end principle.  If I am

going

to benefit from improved security on e-mail, I want to from the originator

to

me, not some half-way house giving a spurious impression of accuracy.


The end-to-end principle is often cited as an argument for any mechanism that

is

not the end-nodes.  I'm waiting for the day it is applied to a demand that

every

user's computer, tablet and smartphone be directly connected to every other

one,

so that we no longer suffer IP relaying by routers, since their presence
violates the end-to-end principle.

With respect to DKIM, the problem with your concern is that you appear to
misunderstand the function DKIM is performing.  Since that's well-documented,

I

suggest you review how it works and what it means.  In case that's too much
effort, I suggest you take a look at:

    The Truth About DKIM
    <http://bbiw.net/presentations/DKIM%20Truth.pdf>

specifically slide 4.  The left hand side includes a short list of common
mis-assumptions about DKIM's meaning, along with the one correct one.  See
whether you know which is the right one.


Yes, I know enough about DKIM to identify the right one.

I think that it is an error for the IETF to add DKIM signatures.  They do indeed
tell me
which intermediary has sent me the mail, but does nothing for the 'spam' that
the
intermediary accepted in the first place (albeit there being little of that on
the IETF
managed lists).  And has already been pointed out, the mailing list damages any
DKIM signature that is already there.  I find it interesting that John Levine
lists
'DKIM doesn't work with mailing lists'
as one of this three myths.  I think that that depends on the interpretation of
the word 'work'.  I would say that DKIM in this context, of a mailing list,
gives
a spurious impression of increased security that we would be better off without.
It functions, but does not work, in that it tells me nothing about the true
origin of the communication.

Tom Petch


d/

--

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [v6ops] Make 6to4 Experimental (was6to4v2 (as in ripv2)?), Rémi Després
Next by Date:  Re: IPv6 traffic distribution, Rémi Després
Previous by Thread:  Re: DKIM Signatures now being applied to IETF Email, Dave CROCKER
Next by Thread:  RE: DKIM Signatures now being applied to IETF Email, Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]