To both the mailmaint and dkim lists,

In reading the unobtrusive signatures draft
(https://datatracker.ietf.org/doc/draft-gallagher-email-unobtrusive-signatures/),
it seems like it mainly contrasts itself with existing S/MIME and PGP signing,
but not with DKIM signing. DKIM signatures are already "unobtrusive" (in the
sense that they avoid the issues described in section 3, as well as bullet 2 of
section 9.1).

There was also discussion in the most recent mailmaint session that it would be
desirable for these unobtrusive signatures to be compatible with DKIM 2 (i.e.
it can survive any modifications in transit, and be verifiable after applying
the diff algebra of DKIM 2).

The main difference between the goals of these signatures and DKIM, then, is in
the DK part of DKIM, e.g. that they're not end-to-end and that key discovery is
tied to the domain.

However, I think DKIM can actually be split into two parts: the mechanical part
of how to canonicalize and sign a message, and how to transmit the
key/establish trust.

So, I propose that unobtrusive signatures actually be built on the first part
of that. Meaning, rather than wrapping the headers in a multipart mixed and
signing that, attaching a header field that very closely mirrors the DKIM2
header field, and following the exact same mechanism to sign the body and
selected headers.

Given that there's active work on DKIM 2, I imagine this could be done by:
1. The DKIM WG explicitly splitting the core draft in two, one to cover how to
canonicalize and sign a message with a given key, and another to cover how keys
are to be distributed via DNS. The unobtrusive signatures draft could then
explicitly use the mechanism defined in the first.
2. The unobtrusive signatures draft being modeled very closely on DKIM (but
with a different key distribution mechanism).

The benefits that I see to this approach:
1. The MIME structure is unaltered, which IMO is even more "unobtrusive"
2. The headers to be signed do not need to be duplicated in the message body
(which saves a bit of message size and avoids issues like: what if the inner
headers don't match the outer?)
3. This ensures that the diff algebra of DKIM 2 applies to unobtrusive
signatures as well.
4. Generally, one fewer signing mechanism for implementors to think about

- Phillip
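
The split proposed in the message above, sketched as an added example (not part of the original message or of either draft): RFC 6376 "relaxed" canonicalization and hashing produce the bytes to be signed with no reference to where the key comes from, and the MIME structure is left untouched. The field name `X-Example-Signature` and its tag layout are hypothetical, the sample messages are constructed, and DKIM 2's own header format is not modeled.

```python
import base64
import hashlib
import re

SIG_FIELD = b"X-Example-Signature"  # hypothetical field name, not from either draft

def canon_header(raw: bytes) -> bytes:
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    name, _, value = raw.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)      # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value).strip(b" \r\n")
    return name.strip(b" \t").lower() + b":" + value + b"\r\n"

def canon_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":                  # drop trailing empty lines
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def signing_input(headers, body, signed):
    """Return (bh, bytes_to_sign). No key or key-discovery step is involved."""
    bh = base64.b64encode(hashlib.sha256(canon_body(body)).digest())
    pool, data = list(headers), b""
    for name in signed:
        for h in reversed(pool):                       # last unused instance wins
            if h.partition(b":")[0].strip().lower() == name.lower():
                data += canon_header(h)
                pool.remove(h)
                break
    # The signature field itself is covered with an empty b= and no trailing CRLF.
    sig = SIG_FIELD + b": h=" + b":".join(signed) + b"; bh=" + bh + b"; b="
    return bh, data + canon_header(sig)[:-2]

# Constructed sample: the same message before and after a relay re-folds a header
# and pads whitespace. The MIME body is signed as-is, with no wrapper part.
SENT = ([b"From: Alice <alice@example.org>\r\n", b"Subject: quarterly  report\r\n"],
        b"Numbers attached.\r\n")
RELAYED = ([b"From:  Alice <alice@example.org>\r\n", b"SUBJECT: quarterly\r\n\treport \r\n"],
           b"Numbers   attached. \r\n\r\n")

if __name__ == "__main__":
    bh, to_sign = signing_input(*SENT, [b"from", b"subject"])
    print(bh.decode(), signing_input(*RELAYED, [b"from", b"subject"])[1] == to_sign)
```

Whatever key the signer holds, however it is distributed, signs the returned bytes; only that step and key lookup differ from domain-keyed DKIM.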