On Aug 29, 2006, at 5:34 PM, John L wrote:

Orbitz might not care about the security issues raised by allowing doubleclick to sign messages on behalf of their CEO and other executives. Many others will.

Actually, Doubleclick signs for email.orbitz.com, which is not the domain where the execs have their addresses. If there is some security problem here, you'll have to explain more clearly what it is.

This is a security area spec, least privilege must apply wherever possible.

Sure, but don't forget that the D in DKIM stands for Domain. The granularity is domains, not mailboxes. If you want per-mailbox signatures, DKIM isn't what you're looking for.

Signatures can assure the integrity of assertions, where domains can also clarify what had been validated prior to signing. While this may not allow a recipient to repeat validations for themselves, this information is still valuable when the recipient has cause to trust the signing domain. Perhaps this trust is due to a simple association established with the originator via policy. For example, an MSA could accept outbound messages from a mailing-list, and messages from authenticated accounts. The MSA can have prior knowledge through various methods to assert whether the originator's address had been validated. The signing domain conveying this information within the signature allows meaningful annotations to be applied at the receiver for the recipient.

When the receiver annotates the signing domain's assertions of non-validated and validated addresses, those messages marked as validated can be captured for future reference by the MUA. The actual identity of the originator requires out-of-band methods. This out-of-band method could be something as simple as a pass-phrase conveyed over a phone call or secure web page. The granularity is one bit, validated/not-validated. The recipient has an equally simple choice based on captured references, to trust a claim of validation or not.

DKIM offers a means for domains to convey valuable information and to retain trust in their integrity and that of their individual users separately. The identity of the originator must be determined through other means, but that is a good thing. It would be wholly impractical to expect all users within an entire domain to be equally trustworthy. Without a means of differentiating users by whatever means, DKIM becomes significantly devalued.

-Doug
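As an added illustration of the point argued above (this is example code, not anything from the list or the DKIM drafts), the following Python parses a DKIM-Signature header and reports what the signature actually vouches for: the signing domain (d=), whether the From: author domain is that domain or a subdomain of it, and whether any agent identifier (i=) lies within the signer's scope. The header and address values are constructed for the example; the local part of i= is the signer's own assertion, which a verifier cannot check independently.

```python
import re


def parse_dkim_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs (tag-list syntax)."""
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        # Folding whitespace inside a value is not significant; strip it.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def from_domain(from_header: str) -> str:
    """Return the domain of the first address found in a From: header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower() if m else ""


def is_same_or_subdomain(name: str, parent: str) -> bool:
    name, parent = name.lower(), parent.lower()
    return name == parent or name.endswith("." + parent)


def classify_signature(dkim_value: str, from_header: str) -> dict:
    """Describe the relationship between the signer and the author of a message."""
    tags = parse_dkim_tags(dkim_value)
    d = tags.get("d", "").lower()
    i = tags.get("i", "")
    author = from_domain(from_header)
    # i= is "@d" when absent; when present its domain must be d or a subdomain of d.
    agent_mailbox, agent_domain = (i.split("@", 1) if "@" in i else ("", d))
    return {
        "signing_domain": d,
        "author_domain": author,
        # True only when the signing domain covers the author's own domain.
        "author_domain_signed": is_same_or_subdomain(author, d) if d else False,
        "agent_in_scope": is_same_or_subdomain(agent_domain, d) if d else False,
        # Asserted by the signer; DKIM verification does not validate this part.
        "agent_mailbox": agent_mailbox,
    }


# Constructed example in the spirit of the thread: a third party signs for a
# subdomain, while the author's address sits at the parent domain.
SIG_CONSTRUCTED = ("v=1; a=rsa-sha256; d=email.orbitz.com; s=sel1; "
                   "i=@email.orbitz.com; h=from:to:subject; bh=BODYHASH; b=SIGDATA")
FROM_CONSTRUCTED = "Chief Executive <ceo@orbitz.com>"
```

`classify_signature(SIG_CONSTRUCTED, FROM_CONSTRUCTED)` reports `author_domain_signed` as False: the signature is valid for email.orbitz.com but says nothing about orbitz.com mailboxes.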


_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
