On Thu, 2006-09-07 at 07:23 -0400, Wietse Venema wrote: > Hallam-Baker, Phillip: > > I think it is entirely likely that bigbank.com would have a > > situation where the mail servers for its east coast offices were > > adding signatures but the ones for the west coast were not. The > > part that is less easy to see is whether there is value to the > > short term fix. It is probably easier to just do the deployment. > > But it is not certain that this will be the case. > > This hypothetical bank can use the hypothetical "I sign some of my > mail" policy until the DKIM roll-out is complete, and then transition > to the "I sign all my mail" policy. > > A per-user mechanism is not the obvious solution for this problem.
Agreed. Problem: When to trust just the domain? Case 1: Bigbank.com wants their email-messages annotated with high assurances on the basis it verified as coming from their domain, but a general high assurance is not appropriate for all of their messages. Case 2: BigISP.com signs millions of messages per day, but only specific email-addresses are protected internally and are from trustworthy sources. BigISP.com wants only messages that have these protected email-addresses annotated with high assurances. Solution: An email-address specific policy is a natural way to convey which email-address should be annotated as being trustworthy based solely upon the domain from which it verified. DKIM's primary role at protecting transactional messages from being spoofed is greatly enhanced with a per email-address policy. Private exchanges can utilize other clues, such an email-address found in the address book when making different levels of assurance annotations. Domain assured email-addresses may not be found in an address book such as do-not-reply@, where each organization has a practice of using different email-addresses to play these critical roles. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
