First the example john gives is real, but an incomplete description. VeriSign is an ESP, the point is that this high trust case is not th most general case, it is much more common to outsource bulk mailing and this is done today to low trust providers precisely because there is no authentication in email.
We should not rely on an expectation of low security that we are trying to change.
Security by analogy and security by comparison fail for well known reasons.
It is always a mistake to use implementation considerations to filter requirements gathering. Gather the requirements then filter.
I know people think they have code to protect. But at this stage I don't think ssp will survive unchanged. So why not simplify it while we have the chance? Especially when we can do so and meet more requirements by doing so.
Sent from my GoodLink Wireless Handheld (www.good.com)
-----Original Message-----
From: John L [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2006 05:52 PM Pacific Standard Time
To: Hallam-Baker, Phillip
Cc: DKIM List
Subject: RE: [ietf-dkim] Delegated signatures in real life
> Orbitz might not care about the security issues raised by allowing
> doubleclick to sign messages on behalf of their CEO and other
> executives. Many others will.
Actually, Doubleclick signs for email.orbitz.com, which is not the domain
where the execs have their addresses. If there is some security problem
here, you'll have to explain more clearly what it is.
> This is a security area spec, least privilege must apply wherever possible.
Sure, but don't forget that the D in DKIM stands for Domain. The
granularity is domains, not mailboxes. If you want per-mailbox
signatures, DKIM isn't what you're looking for.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
