Re: [Ietf-dkim] Adding an aim= tag to DKIM Signature Tag Specifications

Dave Crocker <dhc@dcrocker.net> Tue, 12 May 2020 16:24 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7E293A00D5 for <ietf-dkim@ietfa.amsl.com>; Tue, 12 May 2020 09:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X7REU1bsAo58 for <ietf-dkim@ietfa.amsl.com>; Tue, 12 May 2020 09:24:07 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C5B73A00D2 for <ietf-dkim@ietf.org>; Tue, 12 May 2020 09:24:07 -0700 (PDT)
Received: from [192.168.1.67] (108-226-162-63.lightspeed.sntcca.sbcglobal.net [108.226.162.63]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id 04CGQ43d020803 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 12 May 2020 09:26:04 -0700
Reply-To: dcrocker@bbiw.net
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: ietf-dkim@ietf.org
References: <80533fb3-75a2-1d60-801d-c54d735d4094@tana.it> <7ac84ebf-e30b-6288-81c2-4a6631471d74@dcrocker.net> <5d9709d4-fd1e-9275-6a36-dfc6e7fca97b@bluepopcorn.net> <486245c5-d261-c6df-560b-f022c1ebabd5@dcrocker.net> <551162f8-6c95-071c-3b2e-6a265b1c9783@tana.it> <CAL0qLwYDxA7uyLp6h19P5iSVH0eVen0aEGKRic9BrV=C7gC68Q@mail.gmail.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <94344901-ef04-143f-2c1a-65416a2bbb8f@dcrocker.net>
Date: Tue, 12 May 2020 09:23:59 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <CAL0qLwYDxA7uyLp6h19P5iSVH0eVen0aEGKRic9BrV=C7gC68Q@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/Npbid1bsogN32tPclWXxNVgkc2A>
Subject: Re: [Ietf-dkim] Adding an aim= tag to DKIM Signature Tag Specifications
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 16:24:09 -0000

On 5/12/2020 8:48 AM, Murray S. Kucherawy wrote:
> On Tue, May 12, 2020 at 1:20 AM Alessandro Vesely <vesely@tana.it 
> <mailto:vesely@tana.it>> wrote:
> 
>     On Mon 11/May/2020 20:23:12 +0200 Murray S. Kucherawy wrote:
>      > Indeed; why would I believe what any given domain claims in this tag?
> 
>     If you trust the domain, you can as well trust their tagging.
> 
> 
> If you trust the domain, you don't need their tagging.


Just to explore this a bit:

      Presence or absence of 'trust' is orthogonal with /what/ is trusted.

At small scale, long-term operators know each other and know both the 
what and the whether.  At larger scale, they might develop a degree of 
trust through history but not have any way of knowing what the other 
side's signing policies are.

For reference, I think this topic is likely to be unproductive, given 
how poorly concepts and practices of policies like this seem to fare. 
But it seems interesting, gets raised periodically, and at least could 
be a cleanly-handled topic if pursued this way.  (Especially if it is 
encoded as a separate header-field...)

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net