[ietf-dkim] Re: dkim service
herzbea at macs.biu.ac.il
Fri Oct 14 01:03:25 PDT 2005
Stephen Farrell wrote:
> Ned Freed wrote:
>> Integrity protection is indeed a service, but it isn't the service DKIM
>> provides. The service DKIM provides is the ability to "assert
>> for an email message in transit by means of a digital signature." This
>> is how the threats document puts it and while it is not exactly how I'd
>> put it (I prefer the term "accountability" to "responsibility") I'm
>> comfortable with it.
> What do others think of this characterisation of the service dkim is
> providing? It'd be good if we did have an agreed term, and these
> seem reasonable to me. (I'd also prefer the "accountability" option.)
I agree. In fact, you may want to make signatures only an example, since
as argued before, it is a mechanism, not a goal (e.g., in some scenarios
a shared key message authentication code may be preferable).
As to accountability vs `assert responsibility`, I think these are dual
aspects of the same thing: DKIM signers assert their responsibility for
the message, and thereby they become accountable for them. Since DKIM is
a service foremost to the signers, I think we should actually use
`assert responsibility`, but I definitely am not against using the term
`accountability` if there is a better way to use it.
Using signatures just as an example makes it a bit more difficult to
express our goal of `no harm` in the sense of putting the DKIM fields in
optional header fields... but I think this can be done.
So a possible opener would end up like (modifying Stephen's last version):
The DKIM working group will produce standards-track RFCs specifying
how mail agents may assert their responsibility to an email message,
e.g. by digital signature, but without requiring any change to, or
causing any change in the operation of, other existing mail agents. The
responsibility may be limited to (some) message headers as well as
(parts of) the message body.
Hope this helps. BTW, I'll be away on vacation (Eilat!) next week.
Department of Computer Science
Bar Ilan University