On Sun, 2006-01-22 at 10:25 +0100, Frank Ellermann wrote:
> Douglas Otis wrote:
>
> > A Low Administrative Solution Insensitive to High Latency:
>
> > Just as email domains check lists when deciding to receive a
> > message, they now also check a list to decide whether to
> > sign, or perhaps even send a message.
>
> > With this paradigm, as a best practice, to ensure Company X
> > that it is safe for them to send their newsletter, Domain Z
> > replaces the incoming signature with an MDA specific
> > signature at the edge of their AdmD. An MDA specific
> > signature can not be used to resend a message, but still
> > allows users of Domain Z to be assured the message is valid,
> > and the completed by Domain Z when the message first arrived.
>
> Any sender X arranges something with most of its receiving Zs.
> Any receiver Z arranges something with most of its inbound Xs.

Perhaps for a great while, the choice would be whether it is safe to sign the message or not, when hoping to retain the acceptance value of the signature. The replay abuse problem will affect both large and small domains.

Checking a DKIM-Abuse-List (negative) or DKIM-Adopters-List (positive) does not represent any 1:1 arrangements. Commerce related transactions may wish to use a negative list, and list-servers, newsletters and the like, may be safer with a positive list. Community lists represent roughly the same level of care and cooperation exercised in the process of receiving email for most domains.

> Why do they need DKIM for that? CSV or SPF should be enough.

For any crypto scheme, CSV could be useful to guard against being overwhelmed with bad actors by using a name-based reputation scheme. Retaining protection in the name space prevents collateral blocking and allows double use for the DKIM-Abuse-List. The minimums in SPF can make being overwhelmed worse, even beyond the path registration issues.

The DKIM signature however indicates the AdmD providing initial access and not just the last hop. When there is an abuse problem, DKIM would be effective at indicating the source of the problem. DKIM would be effective at indicating the source of the message for recognition and recognition signaled security as well. Signaling anything based upon email-address conformance would be highly unsafe, severely limiting the value of SSP.

Review the dkim-options draft. The signature header is not removed, just the 'b=base64' is obfuscated with a result indicating whether the MDA verified the signature upon acceptance. To prevent intra-AdmD spoofing, the MDA does the obfuscation and resigns the message and overlaid signatures. A Public-Key is not necessary for the MDA signature. The MDA 'w=' parameter ensures this signature will not be accepted by any other AdmD.

-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org
