[ietf-dkim] linkage between "originator" and "handling agent"
hsantos at santronics.com
Tue Aug 16 11:35:58 PDT 2005
From: "Dave Crocker" <dhc at dcrocker.net>
> There are various types of identifiers that relate to the originator and
> various others that relate to handling agents. I've tried to avoid listing
> specifics in order to focus on what seems to be an underlying requirement.
> In fact this requirement seems so basic and pervasive that
> I am wondering whether it is necessary or appropriate to
> restrict it to a particular authentication technique?
> Equally I am wondering whether it is not distracting from the core DKIM
> authentication work to emphasize this particular requirement prior to
> deployment of a signing/validating mechanism.
> In other words, it is starting to look as if the mechanism for enforcing
> originator/handling linkages needs separate focus from techniques for
> performing authentication.
I am trying to figure out "what you are thinking?"
- No talk of ANTI-SPAM/SPOOF/PHISH (ASSP) solution
- Independency allows CVS and DNA considerations
If the latter, then I believe you need to be straight here on your overall
SOLUTION = SENDER (CVS) + REPUTATION (DNA) + AUTHENTICITY (DKIM)
If this is not the case, then this relaxed DKIM independency clearly does
not stand on its own (as the specs are currently written). You are forcing
the issue of considering other SMTP based protocols.
Can you clear this right away? I can see why you may not want to make it
harder for standards track issues. But it will help to know what are the
"long range" plans.
Dave, lets imagine that DKIM becomes the standard tomorrow and we begin to
receive DKIM messages. We were not DKIM aware yet, but now we see a bunch
of emails with DKIM signatures. So we begin to explore DKIM.
The first thing we notice that there are a much of DKIM signed messages
purporting to be SIGNED from domains which have NO Policy defined or
conflicting signing policies?
How do you expect us to handle this?
Hector Santos, Santronics Software, Inc.
More information about the ietf-dkim