[ietf-dkim] Not exactly not a threat analysis
earl at earlhood.com
Mon Aug 15 14:11:33 PDT 2005
On August 15, 2005 at 12:53, Michael Thomas wrote:
> I think we'd do better to just not conflate both of these
> things. There are signers that are willing to assert
> "this passed through me, for whatever that's worth", and
> "this passed through me, and I have a relationship with
> one or more of the outside addresses visible". The first
> is, essentially, a signed received header. The second
> provides the originating domain a way to provide some amount
> of comfort to the receiver that it's that domain sending
> the mail rather than some random forger. They solve two
> different problems, IMO, and a domain may well be willing
> to provide the first, but not the second.
But DKIM does not really allow the first, in general. In the
first case, the signer is attempting to verify routing information,
but all DKIM signatures are bound to "originator address". Therefore,
if the SSP disallows third-party signing, then a domain cannot just
sign any message, unless it is the originating domain. Not all mail
delivery is point-to-point.
Multiple signatures are punted on in the DKIM draft, so that further
If DKIM supported richer binding semantics that went beyond the
"originator address", then something like the first case is doable.
Of course, richer binding semantics does add complexity.