On Dec 26, 2006, at 10:22 AM, John Levine wrote:
> I don't understand what the security model of linked signatures
> would be, and I doubt anyone else does, either. Since DKIM allows
> multiple signatures now, and allows you to put private fields in
> the signature header, there's plenty of tools available for people
> to experiment, and if the experiments pan out, add linking in DKIM
> N+1. But it strikes me as a poor idea to make a change this basic
> on short notice at this late date.

DKIM _only_ provides protection only when a "recognized" email-
address domain demonstrates an association with that of the signing-
domain. This association might be viewed as "linking" signatures.
There is nothing that would prevent making a rather minor change with
the 'i=' syntax to greatly minimize the number of signatures that
might need checking while hunting for an association (linkage). This
minor change would enable a path forward in a non-disruptive fashion.
When providers experiment and sign all email they transmit, they
might expect DKIM signatures to afford better abuse-reporting, for
example. A profusion of signatures not matching any email-address
within the message, and without any linkage offered that indicates
the email-address being serviced by the signature, could rapidly
become a real mess once spammers also mimic this behavior. A means
to "link" the signature with some email-address is needed even when
the domains differ. Email-address recognition must serve as a basis
for protective annotation, where some form of linkage is perhaps the
only viable solution available. When done by way of the 'i=' syntax,
this linkage is also extremely simple, minor, and non-disruptive.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html