[ietf-dkim] New Issue: ssp-requirements-01 // Outsource First Party Signing concerns extended

Douglas Otis dotis at mail-abuse.org
Wed Sep 20 15:15:49 PDT 2006


4.3.  Scenario 3: Outsourced First Party Signing

Append:

One aspect of message handling greatly benefited by inclusion of a  
DKIM signature is abuse reporting.  As DKIM offers no replay  
protections, the principal identifier accruing behavioral information  
must remain the client IP address.  As such, the domain transmitting  
a message should also be the domain signing the message.  This  
ensures vital abuse feedback reaches the party most likely affected.   
This does not happen when keys or delegations of a foreign domain are  
utilized within the DKIM signature 'd=' parameter.

A domain offering either their key or a portion of their domain may  
not have access to logs needed to repudiate messages they may wish to  
later refute.  The source of a signed message being questioned may  
prove difficult to determine when a provider is entrusted to perform  
signing "as-if" a first party from the perspective of the 2822.From  
email-address domain.

-Doug
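
An added example, not part of the original post: a Python sketch that relates the 'd=' signing domain to the 2822.From domain and to the transmitting host, showing when abuse feedback addressed via 'd=' would not reach the party that sent the message. The `transmitting_host` input, the two-label `org_domain` heuristic and the sample message are assumptions made for illustration; no signature is verified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def dkim_tags(value):
    """Parse a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key] = val
    return tags

def org_domain(name):
    # Assumption: naive "last two labels"; production code needs a public-suffix list.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def classify(raw_message, transmitting_host):
    """Relate the d= signer to the 2822.From domain and the transmitting host.

    transmitting_host is a hypothetical input: the name the receiver associates
    with the client IP address (for example, verified reverse DNS).
    """
    msg = message_from_string(raw_message)
    d = dkim_tags(msg.get("DKIM-Signature") or "").get("d", "")
    if not d:
        return {"case": "unsigned", "d": None, "feedback_reaches_transmitter": False}
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    by_author = org_domain(d) == org_domain(from_domain)
    by_sender = org_domain(d) == org_domain(transmitting_host)
    if by_author and by_sender:
        case = "first-party"
    elif by_author:
        case = "outsourced-first-party"  # Scenario 3: provider signs as the author domain
    elif by_sender:
        case = "signed-by-transmitter"
    else:
        case = "other-third-party"
    # Abuse reports addressed via d= reach the transmitter only when the two match.
    return {"case": case, "d": d, "feedback_reaches_transmitter": by_sender}

# Constructed sample: example.net transmits, signing with a delegation from example.com.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=mail.example.com; s=esp1;\r\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\r\n"
    "From: News <news@example.com>\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE, "out3.mailer.example.net"))
```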



