[ietf-dkim] Future uses of DKIM in Netnews (was: "I
chl at clerew.man.ac.uk
Wed Nov 29 04:24:56 PST 2006
On Tue, 28 Nov 2006 17:57:30 -0000, Hallam-Baker, Phillip
<pbaker at verisign.com> wrote:
>> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Charles Lindsey
>> But DKIM-base is not 100% suitable. You wouldn't want a
>> header called "DKIM-Signed" for an application totally
>> unconnected with DKIM,
> Why not? The M stands for Messaging.
Yes, but the DK stands for Domain Keys.
> NNTP is simply an alternative transport for email.
>> and you would not want the signing key
>> to be based on a domain-name (a newsgroup-name such as
>> news.announce.newgroups is traditional) and so you wouldn't
>> be using DNS to publicize your keys.
> I disagree. I think that you want to authenticate the signer. In fact
> that is all you can do with any signature technology.
In the applications we are talking about, the need is for Authorization
(which goes way beyond authentication), and it is the 'role' that is
authorized to perform some action. The 'role' might be exercised by
various people with addresses in various domains (and even where there is
a special domain involved, not every message from that domain is
exercising that role). So an entirely different PKI might be needed, and
the only use of Dkim-Base as the protocol is that it saves reinventing yet
another wheel to do essentially the same job (signing headers). And
Dkim-base as it stands is 95% suitable for such other applications - just
a few niggling awkward spots which might well be ignored or worked around,
but niggle nevertheless.
> The question of the relationship of the signer to the newsgroup is
> You seem to be considering the case where the signer is the newsgroup
> moderator. I was considering a situation where the news server signs
> every post that originates from one of its own users.
Then the case you were considering was entirely different from the one
being discussed, because no way will such signatures be signed by any news
server (because that would restrict the person filling the 'role' to using
the same server in perpetuity, and worse would require him to provide the
relevant private key to that server's admins).
>> The other reason I am here is because of concerns over EAI....
> I am familiar with six acronyms for EAI. I presume you mean
EAI just happens to be the name of the Working Group dealing with this. As
a name it is entirely unsuitable, and the final name of the suite of
extensions will most likely be "UTF8SMTP".
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5