[ietf-dkim] DKIM charter (Should DKIM directly prevent spoofing?)

[Douglas Otis]

On Nov 16, 2005, at 12:00 AM, Stephen Farrell wrote:
> Doug,
>
> I've read your mail twice now and I honestly cannot see
> what's there that really needs to be addressed in terms
> of potential changes to the charter.

A claim made in the charter of detecting spoofing depends upon a  
comparison of the signing-domain with the email-address domain.  This  
suggests the email-addresses has been constrained to the transport  
when DKIM is advertised as a MTA to MTA mechanism.  It seems greater  
progress will be made excluding this highly contentious aspect.  Many  
hold unwarranted expectations that email-address constraints will  
abate abuse, however such constraints will also dramatically change  
the way email is used.  Why not defer the policy mechanisms related  
to email-addresses?  Once MUAs are able to track signing-domains, the  
need for any email-address constraint disappears.

To offer a fast and comprehensive response, a BCP for domains under  
attack could be created.  This should include use of DKIM and  
limitations on the links, as well as methods of recognition  
independent of what _may_ be visible.  We would be happy to provide a  
free listing service to publish those that meet the requirements of  
such a BCP.  Would that get the policy debate off the table?

-Doug