[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
earl at earlhood.com
Tue Aug 9 16:34:37 PDT 2005
On August 9, 2005 at 15:42, Michael Thomas wrote:
> > This is precisely what DKIM does. It is the domain administrator who defines
> > the DNS records used by DKIM and DKIM's granularity of the validated identity is
> > a domain name.
> That is not correct. The local part of the i= is intended to
> provide a binding to the local part of outside origination
> headers, not just the domain part. Which is why it is,
> in fact, a primary goal.

The setting of i= is under the control of the signing agent, which
does not have to be the author/sender. If I understand Dave's (and
some others') view of DKIM, it is the domain owner who has the control
of setting i= (via the domain owner's signing process).

The granularity of the value of i= is solely up to the domain owner
and the internal (security) policies it defines when signing messages
submitted by the domain owner's users.

The only way the author/sender has control over i= is if they have
control over DKIM signing software and are themselves the domain
owner (or have an agreement with the domain owner to control the
signing process). But here, the whole signing/verification process
is still domain-based.

As DKIM is currently defined, the i= tag must also be a sub-domain
of the d= tag. Therefore, the "identity" of the user is determined
by the domain owner and not the author/sender.

The strength of the identity specified in i= is completely up to the
domain owner, and only has meaning to the domain owner. As noted in
the DKIM draft, the value of i= may not represent any address value
in a message header (e.g. rfc2822.from/sender).

Independent of the merits of DKIM, I think it helps to view it (and
other competing proposals) on who has control over the signing process
(and to a lesser extent the verification process). This helps to
determine where accountability lies for a particular mail message.

In DKIM, the domain owner has ultimate control over the signing
process, not authors/senders. Therefore, it is the domain owner who
has ultimate accountability.
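
Added example, not part of the original message or of any DKIM implementation: a verifier-side check of the i=/d= relationship discussed above, showing that i= can be valid under d= without matching the From header. It assumes the later RFC 6376 wording (i= domain is the same as or a subdomain of d=, defaulting to "@" plus d=); the function names and sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

def parse_tags(value):
    """Split a DKIM-Signature tag list ("k=v; k=v") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def same_or_subdomain(child, parent):
    """True if child equals parent or sits below it on a label boundary."""
    child, parent = child.lower().rstrip("."), parent.lower().rstrip(".")
    return child == parent or child.endswith("." + parent)

def assess_identity(dkim_value, from_header):
    """Report what i= lets a verifier conclude; no signature crypto is checked."""
    tags = parse_tags(dkim_value)
    d = tags.get("d")
    if not d:
        return {"valid": False, "reason": "missing d="}
    i = tags.get("i", "@" + d)  # absent i= defaults to "@" + d
    i_local, at, i_domain = i.rpartition("@")
    if not at or not same_or_subdomain(i_domain, d):
        return {"valid": False, "reason": "i= is not within d="}
    f_local, _, f_domain = parseaddr(from_header)[1].rpartition("@")
    same_domain = f_domain.lower() == i_domain.lower()
    return {
        "valid": True,
        "accountable_domain": d.lower(),  # the signer, per the message above
        "i_matches_from_domain": same_domain,
        "i_matches_from_local": same_domain and bool(i_local) and i_local == f_local,
    }

# Constructed sample headers; bh= and b= are placeholders, not real signatures.
FROM = "Alice <alice@example.com>"
SIG_SUB = "v=1; d=example.com; s=sel1; i=user42@mail.example.com; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_DEFAULT = "v=1; d=example.com; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_FOREIGN = "v=1; d=example.com; s=sel1; i=alice@notexample.com; bh=PLACEHOLDER; b=PLACEHOLDER"

if __name__ == "__main__":
    for sig in (SIG_SUB, SIG_DEFAULT, SIG_FOREIGN):
        print(assess_identity(sig, FROM))
```

The first sample passes the i=/d= constraint while matching neither the local part nor the domain of the From address, so the only identity a verifier can hold accountable is the d= domain.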