[ietf-dkim] Re: DKIM BOF -- draft charter and agenda
Earl Hood
earl at earlhood.com
Mon Oct 17 15:02:29 PDT 2005
On October 14, 2005 at 14:28, Barry Leiba wrote:
> The DKIM working group will produce standards-track specifications
> that allow a domain to take responsibility, using digital signatures,
> for having taken part in the transmission of an email message and to
> publish "policy" information about how it applies those signatures.
> Taken together, these will allow receiving domains to detect (or rule
> out) spoofing in many circumstances.
I think there is a mixture of two things in the above: claiming
responsibility and anti-spoofing. Claiming responsibility can be a
different operation from any anti-spoofing operation. There appears
to be a leap-of-faith in stating, "receiving domains to detect (or rule
out) spoofing in many circumstances." Especially the use of "many".
It may be better to state:
The DKIM working group will produce standards-track specifications
that allow a domain to take responsibility, using digital signatures,
for having taken part in the transmission of an email message and to
publish "policy" information about how it applies those signatures.
Taken together, these will assist receiving domains in detecting
(or ruling out) certain forms of spoofing as it pertains to the
signing domain.
In sum, we should be careful in mentioning anything about anti-spoofing
unless anti-spoofing is a major goal. If it is, it may help to
mention what forms of spoofing are to be addressed.
The first sentence of the paragraph seems to imply that only hop-based
spoofing will be addressed.
--ewh
More information about the ietf-dkim
mailing list