[ietf-dkim] Not exactly not a threat analysis
earl at earlhood.com
Tue Aug 23 18:06:15 PDT 2005
On August 23, 2005 at 10:09, Ned Freed wrote:
> It seems to me that the underlying disagreement here has to do with the
> term "signature". In DKIM signatures are nothing but a means to an end:
> They provide the means of attaching an accountable identity to a specific
I am uncertain about the use of the term "accountability". It opens
up a can of worms on what the levels of accountability will be and
what will be the enforcement policies to ensure accountability.
If the DKIM specification explicitly states that it provides an
accountable identity for a message without mentioning what is
involved for being accountable, then you may get adoption problems.
What DKIM can do is provide a domain-level identity authentication
of domains involved in the transmission of mail. With a reliable
domain-level authentication framework, more reliable reputation,
accreditation, and other trust-type systems can be developed to deal
with abusive mail practices. Real accountability is defined by these
trust-type systems, not DKIM.
To better facilitate the functioning of these systems, the role of the
signer should be captured. Should a forwarder (e.g. college alumni
permanent address service) have the same level of accountability as
the originating domain (the domain that received the initial submission
of a message)?
It may be sufficient to just capture if the signer is doing a "here is
what I saw" signature and a "I'm the originating domain" signature.
This will allow the laying of "blame" more appropriately based upon
the role the signer plays.
Without capturing the role of the signers, entities will be hesitant
to implement DKIM until they know exactly what the accountability
framework is and the level of accountability taken upon the signer.
> Frankly, if there were some other means of performing this sort of
> attachment I would be in favor of using it, because people persist
> in conflating "signatures the cryptographic tool" with "signatures
> as a service". DKIM isn't supposed to provide a general content
> signing service, or a general nonrepudiation service, or any of
> the other myriad things that can be built on top of "signatures the
> cryptographic primitive". The service DKIM provides is the attachment
> of an accountable identity to a specific message. Nothing more and
> nothing less.
What does it exactly mean to be an "accountable identity"?