On Sat, 2005-08-20 at 18:58 -0500, Earl Hood wrote:
> On August 19, 2005 at 17:23, Douglas Otis wrote:
>
> In your view, if all the domains do DKIM signing, are all the
> domains equally accountable (or claiming equal accountability),
> regardless of the role they play?

In my view, if there is already a signature, and the only item being changed is the RCPT TO, then the optimal behavior would be to leave the message as is. This would mean the originating domain retains their accountability. Those that change the message should re-sign or endure an IP address based form of assessment.

> It appears your discussion of accountability is really something that
> sits on top of DKIM, since trying to standardize "accountability"
> seems impractical.

I do not understand what you mean by standardized accountability. Either the domain permits and can stop abusive behavior, or they cannot. Being held accountable reflects this simple expectation. DKIM goals should ensure this remains a reasonable expectation.

> Are all you asking for, at the DKIM specification level, is for DKIM
> to provide a domain-based message signing specification indicating
> "here is what I am transmitting out"?

There is also the aspect of expecting this domain to retain control of the authorization provided by way of the signature. Signatures offer both a benefit and a potential problem, with the ability to be replayed. An expectation of accountability should include an ability to remove the authorization for messages reported as abusive. Waiting the expiry period will likely be ineffectual as a means to limit abuse.

> Things like anti-spoofing and anti-forgery should not be part of DKIM?

Attempts to directly address anti-spoofing with DKIM risk creating problems that may limit wider deployment. Already there is the problem with From -> Sender, and per-user keys due to expectations the signature is bound to some mailbox address. Both of these issues entail a fair amount of risk. Unfortunately these efforts may only increase recipients' susceptibility, rather than the intended protections. Unless there is agreement that DKIM does not directly deal with problems of falsified mailbox addresses, there will be ever greater complexity and overhead added. This feature creep will be detrimental to benefits related to message accountability. All of this concern is resolved when the accountable domain is displayed by the MUA. So why create risky complexity?

> > By authenticating the HELO, name based reputation could substantially
> > replace IP address based reputations.
>
> Are you referring to an SPF-like system here?

Authenticating the HELO is simply a weaker IP address equivalent of a DKIM signature, but which is not carried securely forward with the message. In my view, both provide the administrative domain that can be held accountable. As signatures can _never_ offer resource protection, the use of the HELO can offer resource protections when applying the same acceptance criteria as used for DKIM.

-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org
