[ietf-dkim] ISSUE: Better definition of "DKIM
hsantos at santronics.com
Fri Nov 24 16:35:32 PST 2006
----- Original Message -----
From: "Charles Lindsey" <chl at clerew.man.ac.uk>
>>> Unfortunately, the world is already way beyond 1 to 1 EMAIL.
>> You're kidding? Private mail is obsolete?
> No. But a lot of Email is NOT private (this List for a start).
Ok, so GROUP and/or GROUP-like mail systems existed for a long time. That
doesn't suggest that private communicatons is passe nor is group ware
systems replacing it.
>> But Charles, NEWS/EMAIL gateways goes both ways. Your design would
>> have to work in both directions.
> No it wouldn't. There are Email2News Gateways, and there are News2Email
> gateways, and there are some which try to do both (and doing bidirectional
> gatewaying 100% safely is an unsolved - and probably unsoluble - problem).
Thats my point. It is a doable concept but when you begin to intoduce DKIM
into it, it opens up a whole new set of Campbell Worm Soup :-)
Its like List Servers (LS). I think everyone agrees LS works fine and has
been for a long time. But now we introduce DKIM and now we are dealing
with design concepts which may requires LS design alterations and people are
resistant to this. We are trying to make DKIM work with LS systems and its
nearly impossible (DKIM isn't going to be very effective in LS in its
>> ... If you post via NEWS you are
>> talking about GATING to a EMAIL system. What are the rules here? Do
>> you hash the NNTP required headers? Do you strip them? And vice a
>> versa? Same issues.
> That is exactly the question this thread is attempting to address. There
> is no question, at the moment, of requiring hashing of anything sent by
> NNTP. The best suggestion so far is that the News2Mail gateway should
> treat it as a resend and add the proper Resent-* headers. And if someone
> can convince me that would solve the problem, then I can try and get that
> written into the upcoming News protocol standard.
I think it is a separate consideration that needs to fit on top of DKIM.
There might have to be updates to the specs to might include NNTP
considerations for NNTP required headers, for example, newsgroups:, path:.
IMV, for a pure NNTP environment, the DKIM implementation is clearer. It is
the gating part of it is where it gets really murky because now we are
dealing with transformation issues. And even if we limit this to one
direction, we must make sure that "other direction" doesn't become a
>> I am not sure I follow but this is exactly one of the protections I
>> ant - I don't want someone using my domain in such areas
> And how, precisely, do you propose to prevent it?
With SSP! <g>
>> IMV, we should stop trying to mix EMAIL vs NEWS - two different things.
> Sorry, that horse bolted through the open stable door 15 years ago.
(for longer than that)
> You just admitted that your own company writes software to do such
Right. And one would naturally think I would be among the first to support
this if its was that easy to do. But I can immediately see the major issues
across the board from point to point. This thread hasn't even touch base
with 1% of all the issues that needs to be considered to implement DKIM in a
news/email system environment. For a pure NNTP newsgroup system? Sure,
very doable. But Gating? That will be very complex. Not saying it can't
be done. But I believe it would be a whole different of rules that are
beyond the current DKIM/SSP specification. It would be a new RFC that is
based on the DKIM/SSP RFCs.
Given the current specs, can you itemize what are the issue "transformation"
issues in order to maintain mail integrity and SSP security? IMV, it has to
be both ways. Not just one way.
More information about the ietf-dkim