On Wed, 2006-08-02 at 20:02 -0700, Dave Crocker wrote: > > John L wrote: > > The third is "<foo> signs all my mail", if it turns out that there > > actually exist foo's that reliable enough to delegate's one's signing, > > and that it's easier to do that than to sign in the MUA or to provide > > signing keys so that foo can put on the sender's signature. > > Outsourcing for mail sending is already common, so it seems likely that > delegating signing would be, too. > > But my question is why it is better to have a "delegation of my domain" scheme > rather than simply having the outsourced sending do its own signature and then > use its domain name for evaluating its own reputation. If it is a Good Actor, > then it shouldn't need to rely on the domain name of the content author. If > it > is a Bad Actor, then relying on the domain name of the content author would > merely wind up hurting the content author.
One should assume that the recipient _can_not_ recognize the From email-address. However, one could also assume that the MUA _can_ recognize an "accepted" the address when annotating the message. Also assume the annotation is distinctive in some fashion and can be reliably recognized by the recipient. This overcomes the issue of only display-names being visible, look-alikes, and internationalization or the recipient paying more attention to HTML content. This is a High Impact, High Likelihood concern. To assist the MUA recognition process, an extremely useful piece of information will protect the "acceptance" process. Is this signature considered "authoritative" by the From email-address domain? This suggests that the "authoritative" signing domain _is_ considered to be doing the right things. The right things might be authenticating the sending account and verifying reception of the email-address before permitting its use by this account. While the recipient may wish to override this requirement, they would be doing this at their peril. > > So my suggestion would be to use a format similar to the one we use for > > the signatures, put the first two items in the spec, and use a syntax > > that permits people to experiment with new items and propose the useful > > ones for later standardization. > > Something this minimalist does indeed seem like the best approach: 1) > standardize a publication mechanism for an extensible list of practices; and > 2) > include a tiny number of extremely interesting practices to publish, to seed > the > effort. Actually there is something even more minimal. The "I sign all mail" and "I send no mail" and "Foo signs my mail" can be answered using a list and a single flag. The flag would indicate that "I do not use non-designated sources that may or may not sign" or in other words, "All my mail is signed by designated sources." In Hectors view, this flag represents a statement "Treat non-designated signatures with extreme prejudice." "I send no mail" would be an empty list and a flag. "Just I sign all my mail" would be I's domain and a flag. "Just Foo signs my mail" would be a list with Foo and a flag. "Just Foo and I sign my mail" would be list with Foo and I and a flag. "Don't expect all my mail will be signed, or signed by designated signing domains" would be an empty list and no flag. This would be the default when no policy is found. "Foo and I and other may sign" would be a list of Foo and I and no flag. This should be the recommend method of indicating designated domains and avoiding unexpected prejudicial treatment. Only heavily phished domains might consider setting the flag, even though Hector may insist otherwise. -Doug > d/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
