On Aug 8, 2006, at 12:25 PM, J.D. Falk wrote:
On 2006-08-08 11:43, Scott Kitterman wrote:
Sounds like false hope to me; as a big receiver, I can't imagine that
I'd ever want to blindly trust assertions made by an unknown sender.

As both you and John L point out, this is a big issue. That's why
I was thinking about it being something in DNS related to the
policy record so that it would be at least slightly harder to lie
about it. It's also why I started with IF... I recognized that
if it can be trivially spoofed, then there's no reason to do it.

We can accomplish that much without any changes to SMTP:

- SMTP conversation happens as per usual
- receiver looks up MAIL FROM domain, checks SSP
- receiver decides whether to accept the message and check the
  signature, or reject based on non-DKIM-related criteria

Or am I missing something?

By SSP you mean the First-Party-Policy. A check subsequent to
receiving the entire message could verify there is an association
between the First-Party-Address and the Signing-Domain, but this is
not assured to match the MAIL_FROM. This implies that MAIL_FROM will
always have the same domain as that of the Signing-domain. A
separate MAIL_FROM policy could avoid this constraint. A MAIL_FROM
policy would offer greater value when it corresponds to the SMTP
client issuing the message rather than the signing domain.

Imagine a message signed by your domain is replayed from a system
controlled by a bad actor. How is this detected? A MAIL_FROM policy
could confirm there is a relationship with that of the client before
the message is accepted. Authenticating the client allows policy
(relationships) to be established between both the MAIL_FROM and the
Signing_Domain.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html