[ietf-dkim] Responsibility vs. Validity
jon at callas.org
Wed Nov 28 15:09:52 PST 2007
I have to strongly disagree with many of the things said here. I am
one of the original authors and designers, and while I don't speak
for the other authors and designers, I believe that I can reasonably
authoritatively say something about DKIM's original intent.
This working group can, of course, *change* DKIM's intent with
nothing more than rough consensus. However, I have to object when I
hear the intent misstated. Rather than write a huge note, I'm going
to break my major objections up.
DKIM is subtly different from OpenPGP and S/MIME. DKIM is
analogous to a postmark, as opposed to the signature on a letter
inside the envelope. To use another analogy, it is like the routing
tag that an airline puts on baggage to make sure it wends its way
through an airport. There's no corresponding equivalent to the
OpenPGP-S/MIME signatures in this analogy, but DKIM is a statement
about the container rather than the contents.
Because of the way that digital signatures work, the mechanics of the
signature have to cover the body of the message. But the airport
routing tag also by necessity covers the content of the bag because
the laws of physics just work that way. That's not the intent.
Each of these metaphors will break down if I go further with them, so
I won't. I'll move to a use case.
The buck for the "administrative domain" of callas.org lies
ultimately with me. I run it. I have a number of users, who are all
members of my family. The way that I run the system, it's possible
for us to forge messages from each other. Now, the MTA will also put
in a header line that says who the authenticated sender is, but
that's in a "Received" line, and isn't going to be signed by DKIM.
My policy is that an authenticated user can "forge" senders. If that
policy turns out to be unwise, it's my problem. It is the intent of
DKIM that the administrative domain has the right to be stupid.
Nonetheless, a DKIM signature means that I accept responsibility for
a message I (meaning one of my authenticated users) put into the mail

PGP is software, OpenPGP is an IETF standards-track protocol. The
PGP software implements a number of standards including OpenPGP and
S/MIME. The name PGP is a trademark of PGP Corporation.
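The two mechanical points in the message above (the signature necessarily covers the body, and the MTA's "Received" line with the authenticated user is not covered by DKIM) are easy to see by building the signing input the way DKIM does. The script below is an added example and is not part of the original post or of any DKIM implementation. It implements RFC 4871 "relaxed" canonicalization for headers and body and assembles the data a DKIM signature covers, but uses HMAC-SHA256 with a constructed key as a stand-in for DKIM's RSA signature so that it runs offline with the standard library (real DKIM uses a=rsa-sha256 with the public key fetched from DNS; the a=hmac-sha256 tag, the selector "example", the key and the sample message are all constructed for this example).

```python
"""Added example: what a DKIM signature covers, and what it does not.

Implements RFC 4871 relaxed/relaxed canonicalization and the DKIM signing
input, then signs with HMAC-SHA256 instead of RSA (an assumption made so the
example runs with the standard library and no DNS lookup).
"""
import base64
import hashlib
import hmac
import re

# Constructed stand-in for the RSA key that real DKIM would publish under
# <selector>._domainkey.<domain>. Not a real DKIM algorithm or key.
SIGNING_KEY = b"constructed-example-key-not-a-real-dkim-key"
DOMAIN = "callas.org"
SELECTOR = "example"                                # hypothetical selector
SIGNED_HEADERS = ["from", "to", "subject", "date"]  # the h= list; no Received


def split_message(raw):
    """Split RFC 5322 text (CRLF line ends) into [(name, value)] and body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:     # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + "\r\n" + line)
        else:
            name, _, value = line.partition(":")
            headers.append((name, value))
    return headers, body


def relaxed_header(name, value):
    """RFC 4871 3.4.2: lowercase name, unfold, collapse WSP, trim around colon."""
    value = re.sub(r"\r\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")
    return f"{name.strip().lower()}:{value}\r\n"


def relaxed_body(body):
    """RFC 4871 3.4.4: strip trailing WSP per line, collapse WSP, drop trailing empty lines."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in body.split("\r\n")]
    text = "\r\n".join(lines).rstrip("\r\n")
    return text + "\r\n" if text else ""


def _signing_input(headers, signed_names, dkim_value):
    """The bytes the signature covers: each h= header (last instance, searched
    bottom-up), then the DKIM-Signature header itself with an empty b= tag."""
    parts = []
    for wanted in signed_names:
        for name, value in reversed(headers):
            if name.strip().lower() == wanted:
                parts.append(relaxed_header(name, value))
                break
    without_b = re.sub(r"b=[^;]*", "b=", dkim_value)
    parts.append(relaxed_header("DKIM-Signature", without_b).rstrip("\r\n"))
    return "".join(parts).encode()


def _body_hash(body):
    return base64.b64encode(hashlib.sha256(relaxed_body(body).encode()).digest()).decode()


def sign(raw):
    """Prepend a DKIM-Signature header; the body hash (bh=) is always included."""
    headers, body = split_message(raw)
    tags = (f"v=1; a=hmac-sha256; c=relaxed/relaxed; d={DOMAIN}; s={SELECTOR}; "
            f"h={':'.join(SIGNED_HEADERS)}; bh={_body_hash(body)}; b=")
    sig = hmac.new(SIGNING_KEY, _signing_input(headers, SIGNED_HEADERS, tags),
                   hashlib.sha256).digest()
    return "DKIM-Signature: " + tags + base64.b64encode(sig).decode() + "\r\n" + raw


def verify(raw):
    """True when the body hash matches and the signature over the h= headers checks out."""
    headers, body = split_message(raw)
    dkim = next((v for n, v in headers if n.strip().lower() == "dkim-signature"), None)
    if dkim is None:
        return False
    tags = {}
    for tag in re.sub(r"\s+", "", dkim).split(";"):
        if tag:
            key, _, val = tag.partition("=")
            tags[key] = val
    if not hmac.compare_digest(_body_hash(body), tags.get("bh", "")):
        return False
    expected = hmac.new(SIGNING_KEY, _signing_input(headers, tags.get("h", "").split(":"), dkim),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(tags.get("b", "")))


# Constructed sample message; the Received line carries the MTA's idea of who
# authenticated, which is exactly what the DKIM signature does not cover.
MESSAGE = (
    "Received: from mail.callas.org (authenticated as jon)\r\n"
    "From: Jon Callas <jon@callas.org>\r\n"
    "To: ietf-dkim@mipassoc.org\r\n"
    "Subject: Responsibility vs. Validity\r\n"
    "Date: Wed, 28 Nov 2007 15:09:52 -0800\r\n"
    "\r\n"
    "DKIM is a statement about the container rather than the contents.\r\n"
)


def demo():
    """Sign once, then tamper with different parts and see which survive verification."""
    signed = sign(MESSAGE)
    return {
        "original": verify(signed),
        # Received is not in h=: editing the authenticated user leaves the signature valid.
        "received_changed": verify(signed.replace("authenticated as jon", "authenticated as alice")),
        # The body is always hashed into bh=, so any body edit breaks the signature.
        "body_changed": verify(signed.replace("container", "contents")),
        # From is in h=, so changing it breaks the signature.
        "from_changed": verify(signed.replace("jon@callas.org", "someone@callas.org")),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:17s} verifies: {ok}")
```

The "received_changed" case is the point of the post: the domain's signature says callas.org accepts responsibility for injecting the message, while the question of which authenticated user wrote it lives in an unsigned Received line and is settled by the domain's own policy.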