Playing around with ideas here. This one removes the "l=0" signature stuff and instead makes DKIM-Delegate into a more self-contained thing, which I believe was suggested (or at least inspired) by Stephen's comments. There is still the potential for abuse during the ephemeral relationship period (i.e., prior to expiration), but it is now an indirect attack on the author domain rather than a direct one. Perhaps that's more palatable in this scenario.
Comments welcome.

-MSK

---------- Forwarded message ----------
From: <internet-dra...@ietf.org>
Date: Thu, Jun 19, 2014 at 11:08 PM
Subject: New Version Notification for draft-kucherawy-dkim-delegate-01.txt
To: "Murray S. Kucherawy" <superu...@gmail.com>, Dave Crocker <dcroc...@bbiw.net>

A new version of I-D, draft-kucherawy-dkim-delegate-01.txt has been successfully submitted by Murray S. Kucherawy and posted to the IETF repository.

Name: draft-kucherawy-dkim-delegate
Revision: 01
Title: Delegating DKIM Signing Authority
Document date: 2014-06-19
Group: Individual Submission
Pages: 11
URL: http://www.ietf.org/internet-drafts/draft-kucherawy-dkim-delegate-01.txt
Status: https://datatracker.ietf.org/doc/draft-kucherawy-dkim-delegate/
Htmlized: http://tools.ietf.org/html/draft-kucherawy-dkim-delegate-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-kucherawy-dkim-delegate-01

Abstract:

DomainKeys Identified Mail (DKIM) permits a handling agent to affix a digital signature to an email message, associating a domain name with that message using cryptographic signing techniques. The digital signature typically covers most of a message's original portions, although the specific choices for content hashing are at the discretion of the signer.

DKIM signatures survive simple email relaying but typically are invalidated by processing through Mediators, such as mailing lists. For such cases, the signer needs a way to indicate that a valid signature from some third party was anticipated, and constitutes an acceptable handling of the message. This enables a receiver to conclude that the content is legitimately from that original signer, even though its original signature no longer validates. This document defines a mechanism for improving the ability to assess DKIM validity for such messages.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc