[ietf-dkim] Draft agenda for Chicago...

Douglas Otis dotis at mail-abuse.org
Thu Jul 5 12:04:47 PDT 2007


SSP & Authorization?

Wide deployment of DKIM would be highly desired, but the transparent  
authorization scheme as currently envisioned limits where DKIM might  
prove useful.  Will transparent authorization produce more junk
for SMTP to handle?  Will replay abuse cause DKIM to devolve into  
feckless and wasteful per-user-keys?

Some providers may expect that by restricting the methods to  
authorize DKIM signing domains, higher premiums can be charged.  This  
authorization impediment will result in DKIM being used less and  
having less relevance.  Another driving motivation might be that  
transparent authorization shifts accountability away from the  
provider.  Unfortunately, the only anti-replay assurance possible is  
when the SMTP client introducing the message to a public SMTP server  
happens to be within the signing domain.  In most cases, without the
SMTP client being within the signing domain, there will not be a safe
basis to accept a message based upon the signing domain, even when
the signing domain might be otherwise trustworthy.  Improving
delivery acceptance is desired by a majority of email users.  Domain
delegation or key exchanges for transparent DKIM authorization
defeat DKIM-based acceptance.

Dealing with spam must be done as close to the source as possible.   
DKIM could help by confirming who is introducing the message into the  
public SMTP server.  A simplified means to authorize who is providing  
this service allows DKIM signing domains to normally correlate with  
the provider's SMTP clients.  When the message is authorized AND the  
SMTP client and signing domain correlate, there would be far less  
concern of replay attack.  If there was a problem, the domain signing  
the message should be held accountable, as they should also be  
closest to the problem.  Domain delegation or key exchanges for
transparent DKIM authorization defeat the assumption as to who is
closest to the problem.

No one should be visually examining DKIM signatures to deduce  
signature validity.  Whatever annotation is ultimately devised to convey
signature validations and identity compliance, it will hide an
equally ugly but highly useful hash-based authorization scheme.  Such
an authorization scheme also makes it clear who actually signed the  
message.  Ultimately, knowing who actually signed the message  
provides an essential piece of information needed to detect and  
curtail fraud.  Domain delegation or key exchanges for a transparent
DKIM authorization defeat an ability to detect fraud.

-Doug
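
The correlation check the message relies on (is the SMTP client within the signing domain?) can be sketched as follows. This is an added example, not part of the original post or of any DKIM draft; the function names and classification labels are hypothetical, and it assumes the receiving MTA has already verified the client hostname and the DKIM signature itself.

```python
import re

# Constructed sample header value (not from the original message); bh=/b= are placeholders.
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2007;\r\n"
              "\th=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER==")

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue  # empty trailing element or malformed tag
        name, value = part.split("=", 1)  # base64 values may themselves contain '='
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def within_domain(host, domain):
    """True if host equals domain or is a subdomain of it, matched on a label boundary."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def replay_exposure(client_host, dkim_headers):
    """Classify a message by whether the SMTP client sits within a signing domain.

    Assumptions: client_host was already verified by the receiving MTA, and each
    header in dkim_headers already passed cryptographic DKIM verification.
    """
    domains = [parse_dkim_tags(h).get("d", "").lower() for h in dkim_headers]
    domains = [d for d in domains if d]
    if not domains:
        return ("unsigned", None)
    for d in domains:
        if within_domain(client_host, d):
            return ("client-within-signing-domain", d)
    # A valid signature introduced by an unrelated client: replay cannot be ruled out.
    return ("client-outside-signing-domain", domains[0])

if __name__ == "__main__":
    for host in ("mx1.example.com", "mail.evilexample.com", "out.provider.example.net"):
        print(host, replay_exposure(host, [SAMPLE_SIG]))
```

The label-boundary comparison matters: a plain suffix match would treat mail.evilexample.com as being within example.com.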




