[ietf-dkim] Forgery complexities
dhc at dcrocker.net
Mon Aug 29 13:18:26 PDT 2005
> Lead-in problem statement:
> | Forgery of headers that indicate message origin is a problem for
> users of
> | Internet mail.
DKIM is an authentication technique. It authenticate an identity.
Authentication is not needed, unless one is worried about invalid uses of
identities. I think that it is reasonable to call that "forgery".
So the opening statement is factually correct. And it is describes a concern
that is the foundation for pursuing DKIM.
> The goal of DKIM.
> | The DKIM working group will produce standards-track specifications that
> | permit authentication of message headers during transit, using
> | signatures and based on domain name identifiers.
> While one could describe signature verification as authenticating the
> signature header, this is not addressing the problem statement.
Ensuring that the received headers are the headers that were sent does not
address the problem of forgery?
The fact that DKIM provides a digital signature based on a hash of the message
headers means that, in fact, it is ensuring that any modification to the
headers, after the message is sent, will be detected. Hence, they are
authenticated... With respect to the identity doing the signing.
> headers which could possibly relate to forgery are _not_ being
> authenticated. I find these two statements misleading and not
> representative of the DKIM mechanism as currently devised.
I think you are confusing the benefit of closing SOME holes with the desire/need
to close ALL holes. The fact that some forms of forgery are dealt with by DKIM
does not mean it attempts to deal with all forms.
> General goals:
> - Establish accountable domain-specific opaque identifier.
what does domain-specific "opaque" identifier mean? Opaque to who? Compared to
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
More information about the ietf-dkim