[ietf-dkim] DKIM Threat Analysis v0.06

Arvel Hathcock arvel at altn.com
Fri Aug 12 11:36:01 PDT 2005


>> per se.  If I can assert some measure of control over who
>> uses my domain  this has value in and of itself.
>
> why?
>
> how?

This is perhaps a little philosophical for the current purpose but this is 
how I look at it:

My domain is an asset owned by me - it is property that I own.  Implicit in 
the ownership of a thing is the right (and duty) to control the use thereof. 
This duty stems from the fact that by owning a thing one is asserting 
responsibility for it and is therefore expected to govern the thing owned in 
a societally responsible way.  Since there is an expectation of proper 
governance and because one has asserted responsibility through the act of 
ownership, the right to control all aspects of one's own property follows 
naturally (this right is required to fulfill one's duty).  This is why 
"because it's mine", although terse and rude, is nevertheless sufficient in 
answer to "why won't you let me take your car" etc... and it is sufficient 
in the context of *any* property ownership - including a domain name.  Now, 
all that to say this: because the right to govern and control a domain name 
is intrinsic to the act of owning one - it derives this value internally. 
That's why I say "in and of itself".  My logic might be fuzzy so please 
correct me where I've gone wrong.

As a practical application of this principle, although DKIM can't stop the 
spoofing of my domain, it can prevent the proliferation of spoofed emails to 
end users thus protecting my reputation and shielding users from whatever 
scheme the bad actors are currently up to in my name (this is an application 
of the 'societally responsible governance principle' of 'thing' ownership). 
Further, through the mechanism of DKIM and SSP, the receiving DKIM verifier 
has the ability to (a) validate legitimate signatures from me thereby 
assuring that I have asserted responsibility for the message content and 
selected headers and (b) know what my signing policy is thereby able to 
handle an unsigned or improperly signed message according to my wishes. 
This is, in my view, a measure of domain usage control which domain owners 
currently do not possess; the utility of which is not diminished simply 
because DKIM is not yet ubiquitous.  DKIM is an important tool which can 
help a domain owner take responsibility for his domain seriously and 
properly.

> The rest of your text in this paragraph was about broad
> effects.  I think we need to describe lower-level,
> more-mechanical effects.

Sorry 'bout that.  he he... I'm not being very helpful lately.

-- 
Arvel




