[ietf-dkim] DKIM Threat Assessment v0.02 (very rough
eric+dkim at sendmail.org
Tue Aug 9 17:23:36 PDT 2005
I'm not sure that we aren't in agreement here. But I'm also not sure
that we are.
The granularity of the identity is (potentially) per user. But the
granularity of the signer is per-selector. Thus, the identity in i=
is really a statement by the domain that "I have good reason to
believe that this is the responsible party" --- and "good reason to
believe" is left undefined, at least in the DKIM spec.
The point is really to be able to establish accountability. Viewed
externally, the domain is the responsible party for the message. But
internal to that domain, the local-part of the i= is useful. This is
almost a one-for-one analogy with email addresses, where the
local-part is opaque to all but the recipient domain.
--On August 9, 2005 4:23:20 PM -0700 Michael Thomas <mike at mtcc.com>
> Eric Allman wrote:
>>> That is not correct. The local part of the i= is intended to
>>> provide a binding to the local part of outside origination
>>> headers, not just the domain part. Which is why it is,
>>> in fact, a primary goal.
>> That doesn't change the fact that it is the /domain/ signing a
>> message, not a user. That domain may identify the individual
>> user in such a way that is within the comfort zone of the signing
>> domain administrator, but the keys are still owned and
>> administrated by the domain owner.
> That's all true, but that's not what Dave asserted:
> > This is precisely what DKIM does. It is the domain
> administrator who
> > defines
> > the DNS records used by DKIM and DKIM's granularity of the
> > identity is a domain name.
> There's finer granularity than the domain name. The i= defines
> it, not to mention the g=. Which in terms of a problem statement,
> etc, is misleading to say that it's a secondary goal; it's been
> a primary goal all along for everybody that I can determine except
More information about the ietf-dkim