[ietf-dkim] Purpose and sequence for
DKIM specificationand deployment
Scott Kitterman
ietf-dkim at kitterman.com
Mon Aug 29 13:46:27 PDT 2005
Hallam-Baker, Phillip wrote:
>>You are describing a mechanism and explaining what it may accomplish
>>in the narrow terms of the mechanism. This unfortunately has
>>nothing
>>to do with claims made within the charter regarding header
>>authentication.
>>
>>Lead-in problem statement:
>>,---
>>| Forgery of headers that indicate message origin is a problem for
>>users of
>>| Internet mail.
>>'---
>
>
> OK I think we are in agreement here. I think that the charter should be
> written in terms of
>
> 1) Providing a mechanism whereby an Internet domain name owner can claim
> responsibility for an email message
>
> 2) Provide a mechanism to allow notification of an Internet domain name
> owner's policy for claiming accountability
>
> 3) Provide an authentication platform on which TTP providers of
> accreditation and/or reputation information can build products that are
> tied to a domain name rather than an IP address.
>
> Forgery then falls out of the goals section of the charter, it is simply
> an attack that might be attempted.
>
In saying that, do you think that your #2 policy set includes describing
an authorized set of relationships between use of their domain in
certain header fields (e.g. From:) and the signing domain?
Also, does DKIM provide an authentication platform or an authorization
platform?
Scott Kitterman
More information about the ietf-dkim
mailing list