[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)

Michael Thomas mike at mtcc.com
Tue Aug 9 13:28:42 PDT 2005


Dave Crocker wrote:
>>>> In the current Internet Mail environment a mail receiver can never be
>>>> sure whether a piece of mail was from the purported author they
>>>> normally associate with the claimed identity. This leads to many
>>>> avenues of abuse.
>>>> A secondary goal of DKIM is to validate a standard identity field,
>>>> such as RFC2822.From or RFC2822.Sender.
>>>
>>> Stating this as a secondary goal appears to contradict the earlier
>>> paragraph.  I.e.  The earlier paragraph implies that validating
>>> RFC2822.From or RFC2822.Sender would be a primary goal.
>>
>> I agree.
>
> Well, a coherent and not-contradictory thought was driving my writing, but 
> Heisenberg got in the way.
>
> The intended thought was that having ANY accountable entity -- where the 
> accountability is meaningful -- improves the likely validity of the other 
> identity fields.
> 
> So, no, I had not intended to make direct validation of From or Sender a primary 
> goal.

I, on the other hand, do.

		Mike

