On Aug 30, 2006, at 12:38 PM, John Levine wrote:
If I understand your position, you are positing that someone will
pay between $20 and $50/mo for Internet access, probably some extra
amount per month for a DKIM-capable mail service, but they use a
crummy DNS service where they don't know how to put in NS records,
and the $2/mo it would cost to switch to a DNS service that does
support them is an insurmountable barrier. Maybe I'm getting
hard-hearted in my old age, but pleas of selective ineptness or
selective poverty do not make a compelling argument for anything.

Why sign a message when the signature is never seen by the
recipient? In all likelihood, a valid signature not matching the
address in question will not receive any positive annotations,
especially from a large domain.
Assume you are right about the majority not wanting to coordinate
with their email-provider, convey a set of moderately complex details
to their name service provider, and then hope their mail continues to
work. When either the name-service provider or the domain owner makes
an error transcribing a detail, it is likely the email-service
provider who will need to sort out what went wrong. This will
require support staff (your time) to deal with configuration issues
when someone makes a mistake. In addition, all of your accounts now
must carefully track who uses what keys.

The many ways that this can be done are a problem in themselves. Even
within this group, it is difficult for anyone to predict what the
other may want, and where it might be placed within the namespace.
As a result of these issues, this service will cost more per month.
The question "Why did we want DKIM?" might come to many people's minds.
Some might suggest so Eliot's dad knows when Eliot is telling him to
buy shares in Petroleum International stock, or load a player for the
latest video from Paris. Social relationships are exposed in many
ways, perhaps by promotions offering free music downloads when you
tell a friend, or by mailing lists like this one. The majority
remains prone to social spoofing. Some might call it spear phishing,
but it is worse. There is little that is more compelling than being
told by a friend to try something that is really exciting or funny.

Ensuring your email-address is within the signing domain is not
really the end of the story either. Is everyone else within this
domain trustworthy? Is there a way for a recipient to know whether
anyone within the domain can also use this address, and which domain
is actually doing the signing and validating of the email-address?
It is not good to have these details hidden. It would be better for
the message annotations to indicate who is doing what for whom, and
whether they said it was okay.
Imagine that you want to raise some money to fund those foreign
exchange students, but you don't want to deal with telling everyone
how to set up their DNS, so you offer to sign messages in a "special"
way. : )

Your premium service now asserts the email address has been
"validated" (when it has been, of course). Along with their assigned
address within the domain, you asked for a secondary contact address
that you happen to also validate. As part of this service they can
also request inclusion of a limited number of other addresses. It
does not matter whether the address is within your domain.

To allow this to work, a special signature is needed to be able to
assert (for any address domain) the email-address is valid. Alas,
that is missing from DKIM at this time, but assume it does exist.
Eliot knows that he can trust your service, and signs up the moment
he hears about it. To allow his dad to know that he is using your
service, Eliot puts your domain name into the policy of his vanity
email-address, [EMAIL PROTECTED]:

  _dfsp._domainkey.at-large.com IN TXT "v=0.0; f=A; a=taugh.com:at-large.com;"

Eliot's dad's MUA knows all about DKIM and this new special way of
asserting a valid address. The MUA notices Eliot's email-address is
in the address book. It then checks the policy record. When the
policy indicates taugh.com signs for at-large.com, the signature is
then checked. Because the signing domain was in the policy "a="
list, the MUA also knows that the message is valid when asserted
"valid" with this new and special Inter-Domain assertion. A gold
star is then placed next to Eliot's email-address, allowing his dad to
know it was from him. Eliot did not have to explain to his dad all
about how trustworthy John Levine is at taugh.com and where to look
in the raw headers for taugh.com.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
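The address-book and policy-record check Doug walks through for Eliot's dad's MUA, written out as an added example (not code from the thread or from any DKIM implementation). The hypothetical _dfsp record format is taken from the post; the in-memory zone data, the message fields, and the address eliot@at-large.com are constructed stand-ins.

```python
from dataclasses import dataclass

# Constructed stand-in for DNS: the _dfsp record quoted in the post, plus a
# record with no a= list to show the "nobody is authorised" case.
FAKE_DNS = {
    "_dfsp._domainkey.at-large.com": "v=0.0; f=A; a=taugh.com:at-large.com;",
    "_dfsp._domainkey.example.net": "v=0.0; f=A;",
}

def parse_policy(txt):
    """Split a 'k=v; k=v;' TXT record into a dict; a= is a ':'-separated domain list."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    tags["a"] = [d.lower() for d in tags.get("a", "").split(":") if d]
    return tags

def lookup_policy(author_domain, dns=FAKE_DNS):
    """Fetch and parse the author domain's policy, or None when it publishes none."""
    txt = dns.get(f"_dfsp._domainkey.{author_domain.lower()}")
    return parse_policy(txt) if txt else None

@dataclass
class Message:
    from_addr: str         # author address the MUA is about to annotate
    signer_domain: str     # d= of the DKIM-Signature on the message
    signature_valid: bool  # result of cryptographic verification
    asserts_valid: bool    # the hypothetical "address validated" assertion

def annotate(msg, address_book, dns=FAKE_DNS):
    """Return 'gold star' only when every step of the described flow succeeds."""
    if msg.from_addr.lower() not in address_book:
        return None   # unknown correspondent: the MUA has nothing to vouch for
    author_domain = msg.from_addr.rsplit("@", 1)[1]
    policy = lookup_policy(author_domain, dns)
    if policy is None or msg.signer_domain.lower() not in policy["a"]:
        return None   # signer is not in the author domain's a= list
    if not (msg.signature_valid and msg.asserts_valid):
        return None   # bad signature, or signer made no validation assertion
    return "gold star"
```

A signer outside the a= list, a failed signature, or a policy without an a= tag all fall through to no annotation, which is the behaviour the post relies on to keep a stranger's valid signature from earning the star.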