[ietf-dkim] Re: dkim service
Dave Crocker
dhc at dcrocker.net
Fri Oct 14 07:50:42 PDT 2005
>> 'making this up as I go' is really exactly the problem. multiple
>> signatures moves from one entity taking responsibility to some
>> unknown combination of responsibilities, ensuring substantially
>> greater complexity in the overall system. What are the relationships
>> among the signers? How much does the validator care and in what
>> way? etc.
>
> This dilemma is completely possible today by
> inspecting the ip addresses in received headers. Somehow
> the world has continued rotating,
Could have sworn we were talking about formal standards and what works
for them, rather than what kinds of informal heuristics people use.
Please cite a standard that has that specifies the kind of trust
ambiguity you are promoting.
> The mail system today shows it is
> far more resilient than is being given credit for.
could have sworn the purpose of this exercise is to tighten up
accountability, rather than demonstrate that things can continue to work
in the face of extensive ambiguity.
>
>> ps. the small matter of transitions, such as between different
>> signing keys, is really the argument that convinced me we needed
>> multiple signatures. but that is a "find one valid signature" rather
>> than :"analyze the relationship among multiple".
>
> There's intermediate ground between "find one" and "analyze
> the relationship" too. One can treat them as independent
> entities for input to a rules engine too.
one "can do" many different things. the purpose of a standard is to
specify specific ones.
d/
More information about the ietf-dkim
mailing list