[ietf-dkim] Keys vs. Reputation
Douglas Otis
dotis at mail-abuse.org
Tue Aug 22 09:03:47 PDT 2006
On Tue, 2006-08-22 at 10:45 -0400, Damon wrote:
>
> Wow, that was a lot of typing to try and convince me that everyone
> hates more phone calls and trouble tickets and therefore we should
> punt.
>
> Are you saying that you see NO value in it or so little value that it
> would be statistically insignificant?
> Remember- it is OPTIONAL.
The 2822.From policy assertions should describe actions of the signing
domains. A suggestion has already been made to differentiate between
scenario 1 and 2 in the requirements draft. It should be clear whether
all initial messages are signed AND whether common services are also
being used. The difference could represent the extreme measures a
phishing target may find necessary at this time.
All + Only = DKIM Signer Complete (no non-compliant services)
All = DKIM Signer Extended (some non-compliant services)
When translated to signer actions, Hector argues for an assertion that
indicates the signer Never signs, and a flag that indicates designated
domains do not validate the 2822.From address. Both of these assertions
offer little benefit from a protective standpoint, and might be debated
on that basis. The more important aspect of this debate is centered
upon understanding a difference between suggesting verifier actions and
clarifying signer actions.
-Doug