[ietf-dkim] Proposed changes to MLM draft

Rolf E. Sonneveld R.E.Sonneveld at sonnection.nl
Mon Aug 30 13:50:58 PDT 2010 

  On 08/30/2010 10:13 PM, Dave CROCKER wrote:
>
>
> On 8/30/2010 1:10 PM, Rolf E. Sonneveld wrote:
>>> I'd suggest that the second item actually be a normative 
>>> specification of
>>> value-added features. This requires a change to the charter, and so 
>>> it would
>>> have to wait until completing the current charter.
>>
>> can you elaborate on what, in your view, would be part of this normative
>> specification?
>
> merely as an example, I'll cite the usage of DKIM for subscription and 
> submission validation that has been mentioned a few times.  Formally, 
> using DKIM that way is almost certainly a value-added semantic that 
> goes beyond the semantics of the DKIM signing specification.  That's 
> ok to do, but requires a normative spec to define the behavior and 
> meaning.

Can we say anything normative about subscriptions and submissions when 
the From address (even if DKIM signed- and verified OK) does not 
necessarily say anything about the identity of the sender?

Or, vice versa, can we put more trust/faith in the From address if the 
domain in the From address is equal to the d= domain value?

I assume you mean with subscription and submission validation, the act 
of permitting/denying someone/some address to subscribe or to submit 
mail? If so, that's an action in the category 'authorization' and 
authorization requires authentication as foundation.

Please note: I'm not trying to kick off a complete new discussion, but 
these are real questions that keep me busy. I'd love if the answer to 
the second question would be: "Yes, IF domain part of From address 
equals d= domain value, THEN we can use the From address as 
authentication information", but I believe all discussions on this list 
have not provided a clear "yes" answer to this question.

+1 for taking these items out of the MLM draft and create a separate 
document for them, although I'm not sure it can be normative or just 
informational.

/rolf

P.S. Dave, is it possible to disable greylisting for mipassoc.org or at 
least for contributions to this list? Now we get sometimes a-synchronous 
contributions where the answer precedes the question. (And yes, I hate 
greylisting).

More information about the ietf-dkim mailing list