DKIM TTPs (was Re: [ietf-dkim] editorials and nits)
Douglas Otis
dotis at mail-abuse.org
Wed Jul 5 18:11:30 PDT 2006
On Jul 5, 2006, at 4:41 PM, Stephen Farrell wrote:
>
> Douglas Otis wrote:
>> On Jul 5, 2006, at 2:36 PM, Paul Hoffman wrote:
>>> At 12:44 PM -0700 7/5/06, Douglas Otis wrote:
>>>> DKIM generally represents a domain wide entity. A trusted third
>>>> party (TTP) establishes trust between two parties when both
>>>> trust the third party. For DKIM, the TTP would be the signing
>>>> domain verified by DNS.
>>>
>>> This is completely wrong, and goes against nearly everything that
>>> this WG has been working on. The signing domain is *not* trusted.
>>>
>>> Does anyone other than Doug think that it is?
>> You have misunderstood what was being said.
>
> Clash of terms there. The DNS, as used by DKIM, is a TTP in
> crypto-protocol terms according to the well-understood use of that
> term [1]. I think I first heard such a definition 20 years ago.
From your reference:
---
In cryptography, a trusted third party (TTP) is an entity which
facilitates interactions between two parties who both trust the third
party; they use this trust to secure their own interactions. TTPs are
common in cryptographic protocols, for example, a certificate
authority (CA).
---
While DNS associates a key with a domain name, there should be no
expectation this domain name represents a tangible entity or offers
meaningful recourse. There are thousands of entities involved in
these associations, where the basis is often limited to just the
domain name itself. It is difficult to consider an amalgam of often
anonymous entities a "trusted third party" for "securing" email
interactions. Use of DNS by DKIM certainly falls short of the
expectations of a TTP as set by Certificate Authorities or the
example given of a notary public. For DKIM to offer security, a
separate assessment of the DKIM domain name should be made (likely by
a TTP). In that sense of trust or "securing" interactions, DNS fails
this definition of TTP for email in my view.
-Doug
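The distinction drawn in the message above (DNS binds a key to the d= domain name; assessing that domain is a separate step), as an added example that is not part of this thread. DNS is simulated with a constructed table, the assessment list is hypothetical, and no signature is cryptographically verified.

```python
# Added example, not from the thread: separates what DKIM plus DNS establish
# (a public key bound to the d= domain name) from the separate assessment of
# that domain which the message argues is still required. DNS is simulated
# with a constructed table and no signature is cryptographically checked.

# Constructed stand-in for TXT answers at <selector>._domainkey.<domain>.
FAKE_DNS_TXT = {
    "s1._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_KEY",
    "s1._domainkey.unassessed-example.net": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_KEY",
}

# Hypothetical assessment list: the judgement about a signing domain that
# a key-in-DNS lookup does not supply.
DOMAIN_ASSESSMENT = {"example.com": "trusted"}


def parse_tags(value):
    """Parse a DKIM tag=value list (header or key record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def key_record_name(sig):
    """DNS name a DKIM verifier queries for the signer's public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"


def assess(dkim_signature, dns=FAKE_DNS_TXT, assessment=DOMAIN_ASSESSMENT):
    """Report what DNS established about the signer, then the separate verdict."""
    sig = parse_tags(dkim_signature)
    txt = dns.get(key_record_name(sig))
    if txt is None:
        return {"domain": sig["d"], "key_found": False, "verdict": "unsigned"}
    rec = parse_tags(txt)
    # An empty p= tag means the key has been revoked.
    if rec.get("v", "DKIM1") != "DKIM1" or not rec.get("p"):
        return {"domain": sig["d"], "key_found": False, "verdict": "bad-key-record"}
    # DNS has only bound a key to the string in d=; who stands behind that
    # name, and whether any recourse exists, is a separate question.
    return {"domain": sig["d"], "key_found": True,
            "verdict": assessment.get(sig["d"], "unknown")}


if __name__ == "__main__":
    print(assess("v=1; a=rsa-sha256; d=example.com; s=s1; bh=xyz=; b=abc=="))
    print(assess("v=1; a=rsa-sha256; d=unassessed-example.net; s=s1; b=abc=="))
```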