Keith Moore wrote:
Perhaps. But it's difficult to escape the impression that this is
another example of IETF failing to solve an important problem by focusing
on a portion of the problem that's easy to solve, and ruling the difficult
part out of scope for the time being. Repeat as needed; you can always
partition the remaining part of the problem again.

It was not a difficult problem. The issues were well understood long
before Murray took over the DKIM specification. The WG security and
requirements RFC productions clearly laid it out:

  RFC4686 Analysis of Threats Motivating DKIM
  RFC5016 Requirements for a DKIM Signing Practices Protocol

The remaining technical problem was how to scale the authorization of
3rd party signers. The proposals:

  ASL  Allowed Signer List (good for small systems, does not scale)
  TPA  Third Party Authorization (appears to scale, but complex)
  ATPS Authorized Third Party Signer (easier version of TPA)

But there was a fundamental mindset and marketing conflict. It was a
conflict over the 3rd party resigner market's right to exist uncontrolled
and unrestricted, regardless of originating DKIM message claims.

The WG could not continue to complete RF5017 ADSP when the then
out-of-scope Trust ideas took over and promoted a market of unrestricted
resigners. If ADSP became a standard then these resigners would be in
violation of a security standard, and it would be a serious problem if
they intentionally neglected a security protocol when they
resigned mail, potentially distributing harmful mail.

The easy solution is to toss out ADSP, like it never existed. No one
should follow original domain policy declarations.

But this only shifted the problem to the resigner, who has no sort
of policy wrappers. What happens when resigners resign resigned mail?
Who will protect them?

Without baseline protocol consistent controls and guidelines to
follow, I'm afraid DKIM signing is fast becoming a rabid hop to hop
message signature stamping broadcasting concept where the only
remaining benefit is to make sense of the last signer, which is never a
problem in the authorized and known mail world. It's a problem with
the anonymous world, and a DKIM-signature has no value here when the
signer is unknown. Since DKIM-signature requires the 5322.From address
to be hash bound to the signature, the loss of policy allowed the
anonymous abuse of these domains to continue.

The issue is straightforward: either resigners support signing
controls or not. Obviously the latter was the easy way for THEM, but it
didn't solve the problem. No matter which way, a policy concept is required.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com