[ietf-dkim] Charter bashing...
Hector Santos
hsantos at santronics.com
Wed Oct 12 03:29:07 PDT 2005
----- Original Message -----
From: "Stephen Farrell" <stephen.farrell at cs.tcd.ie>
> The following are out of scope of the working group:
>
> ? duplication of other secure mail protocols (S/MIME, PGP)
IMO, this is "apples and oranges." While we can learn from similar possible
issues, the "twain shall never meet."
> ? supporting multiple signatures on single messages
> ? specifying user level signing and/or verificaiton of messages
> (though support for this in future may be a goal of this or some
> other working group)
> ?? delegation of signing capabilities
I am not entirely sure what exactly you have on your mind here, but it
sounds like these three items are all related.
I view the #1 threat to DKIM is having a lack of SSP validation assurance.
A good analog is the #1 problem in SMTP that got the industry into trouble
in the first place; presentation of SMTP process entities where the server
has no requirement for checking. i.e. client domain name (HELO/EHLO) and the
return path (MAIL FROM).
To me, the #1 barrier to DKIM adoption and/or utilization will be the lack
of SSP validation by DKIM verifiers and/or 3rd party DKIM resigners. The
overhead concerns regarding SSP validation should not open a DKIM "loop
hole" threat vector.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
More information about the ietf-dkim
mailing list