Folks,

What is the scope of problems DKIM should try to protect against?

A DKIM signature means that whoever controls the DNS entry for the SDID is taking some responsibility for the message. A random bad actor, out there in the wilds of the Internet, cannot use that SDID. This is the core benefit of DKIM.

Then there is the question of controlling different employees, within the organization that owns the SDID. Perhaps I'm authorized to do signing, but the janitor in my organization isn't. Should a receiver that is validating a signature be asked to take on the burden of enforcing access rules within the signing organization?

Protecting against outside attacks is inherent in DKIM's goal. Protecting against attacks or misbehaviors from within the domain owner's own organization strikes me as an inappropriate shifting of enforcement burden onto the recipient.

If the working group agrees, then we have an opportunity to simplify DKIM.

Similarly, there are some features that aren't getting used, and that are not showing any signs of getting used. Dropping them also permits making DKIM substantially simpler.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
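The point above about where a receiver's checking stops can be shown in code. The following is an added example, not part of the original post or of any DKIM implementation: it parses a constructed DKIM-Signature header, derives the DNS name a verifier queries for the public key (RFC 6376: `<selector>._domainkey.<SDID>`, which only the d= domain's DNS owner can populate), and applies the one structural check RFC 6376 puts on the signing identity (the i= domain must be d= or a subdomain of it). It deliberately makes no judgement about which people inside that domain were allowed to sign. The sample header, selector and addresses are invented for illustration.

```python
import re

# Constructed sample DKIM-Signature header value (not taken from the post),
# folded across lines the way it would appear in a real message.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
    "\ts=sel2024; i=alice@mail.example.com;\r\n"
    "\th=from:to:subject:date; bh=Zm9vYmFy; b=c2ln\r\n"
    "\tbmF0dXJl"
)


def parse_tags(value: str) -> dict:
    """Split a DKIM tag-list ('tag=value; tag=value') into a dict.

    Folding whitespace (CRLF followed by WSP) is removed first; RFC 6376
    treats whitespace inside tag values as insignificant, so any that
    remains (e.g. inside the base64 of b=) is stripped as well.
    """
    unfolded = re.sub(r"\r?\n[ \t]+", "", value)
    tags = {}
    for item in unfolded.split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, val = item.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_record_name(tags: dict) -> str:
    """Return the DNS name the verifier queries for the signer's public key.

    RFC 6376 places the key in a TXT record at <selector>._domainkey.<SDID>.
    Only whoever controls DNS for the d= domain can publish that record,
    which is what makes the SDID the party taking responsibility.
    """
    return f"{tags['s']}._domainkey.{tags['d']}"


def auid_within_sdid(tags: dict) -> bool:
    """The only check RFC 6376 asks the verifier to make on the identity.

    If i= (the agent or user identifier) is present, its domain part must
    equal d= or be a subdomain of d=. Nothing here asks whether the local
    part names someone the organization actually authorized to sign; that
    is the organization's own concern, not the receiver's.
    """
    auid = tags.get("i")
    if auid is None:
        return True
    _, _, auid_domain = auid.rpartition("@")
    sdid = tags["d"].lower()
    auid_domain = auid_domain.lower()
    return auid_domain == sdid or auid_domain.endswith("." + sdid)


if __name__ == "__main__":
    t = parse_tags(SAMPLE_HEADER)
    print("SDID (responsible domain):", t["d"])
    print("key record to query:      ", key_record_name(t))
    print("i= lies within d=:        ", auid_within_sdid(t))
```

A full verifier would next fetch that TXT record, parse the p= key out of it and check b= over the canonicalized headers; the identity-related work stops at `auid_within_sdid`.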
