[ietf-dkim] Not exactly not a threat analysis

Scott Kitterman ietf-dkim at kitterman.com
Tue Aug 23 20:21:05 PDT 2005


Dave Crocker wrote:

> Let's remember that the primary role for this signature is as input to a 
> delivery filtering process.  So the nature of the 'accountability' is inherently 
> narrow.

That's one view.  I view that role as entirely secondary to the 
potential for DKIM to restrict certain classes of forgery.

If accountability is the goal, this may actually be a step back in some 
places.  Currently almost all filtering is being done based on IP 
addresses and so the accountable entity is the previous hop.

If accountability is assessed at the signing entity, then forwarders 
that neither sign nor munge messages may achieve a relaxation in the 
level of accountability they are currently enjoying.

So in your view, what is the accountability entity for a message sent to 
you, the MUA/MSA/MTA that signed the message or the MTA that sent you 
the message if they aren't the same?

If I didn't send you a message, how can you hold me accountable for you 
having gotten it?

Scott Kitterman


