[Ietf-dkim] Adding an aim= tag to DKIM Signature Tag Specifications

Alessandro Vesely <vesely@tana.it> Mon, 11 May 2020 17:22 UTC

Return-Path: <vesely@tana.it>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12E073A0BE6 for <ietf-dkim@ietfa.amsl.com>; Mon, 11 May 2020 10:22:09 -0700 (PDT)
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tMDO1sLmYy3 for <ietf-dkim@ietfa.amsl.com>; Mon, 11 May 2020 10:21:58 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F75C3A0B3F for <ietf-dkim@ietf.org>; Mon, 11 May 2020 10:21:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1589217715; bh=srJrToznBMHui7Jbq+ncN1jIDkj5BWcRqNhKmylFgQs=; l=1200; h=To:From:Date; b=Biw6fe+b6OwB7W8trkR0nxAXubI2B0opeY56fjagv/flPOtlTVh3EKJn0i+RmEBB/ ZetsBZt2hMsuE+f961s3B3f6GKNiH5u5xEjn1U+49A7idgYayKH7suaGkXiWcp9scv YtLVE59JRKoTl62+UGw3yEStI7PCPJDYKdG/BSGsZU9qH70oRXqyYeKgunds6
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.2, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC081.000000005EB989B3.00006A4B; Mon, 11 May 2020 19:21:55 +0200
To: ietf-dkim@ietf.org
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <80533fb3-75a2-1d60-801d-c54d735d4094@tana.it>
Date: Mon, 11 May 2020 19:21:55 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/Xu21oeF0Ok062qpVK32GvVri8F0>
Subject: [Ietf-dkim] Adding an aim= tag to DKIM Signature Tag Specifications
X-List-Received-Date: Mon, 11 May 2020 17:22:14 -0000

Hi all,

consider the famous incipit:

   DomainKeys Identified Mail (DKIM) permits a person, role, or
   organization to claim some responsibility for a message by
   associating a domain name [RFC1034] with the message [RFC5322], which
   they are authorized to use.

The question is, what responsibility is being claimed?  Some sites allow
authenticated users to use any From:, but are able to find out who the actual
author was, if needed.  Other sites only sign if the From: matches the actual
user, or at least its domain part.  Still others just sign everything.

Discussions about what kind of assurance a signature would imply are rather
frequent.  At least, specifying an aim= tag should shed some light on the
various possibilities.

Tagging keys with aim= would allow senders to choose an appropriate selector
under different circumstances.  Some mail sites use different sending IP
addresses to meet a similar purpose.  Others use different domain names, opaque
chunks of base64 data, or X-Google-DKIM-Signatures.  An aim= would serve a
similar purpose in a more open manner, introducing yet another means to discern
among different mail flows.

Comments?


Best
Ale
--
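The proposal above hinges on the tag=value list syntax that DKIM-Signature header fields and DKIM DNS key records share (RFC 6376, Section 3.2), and on the rule that a verifier must ignore tags it does not recognise, which is what makes a new tag such as aim= deployable without breaking existing verifiers. The following parser is an added example, not code from the message's author or from any DKIM implementation. It parses the DKIM-Signature value carried by this very message, checks the required tags, and shows how an unregistered aim= tag in a key record is surfaced as "unknown, to be ignored" rather than rejected. The key record is constructed (the p= value is a dummy, not a real key), and aim= is the tag proposed in the message, not a registered DKIM tag.

```python
import re
from typing import Dict, Iterable, List, Set

# Tag=value list syntax (RFC 6376, Section 3.2): tags are separated by ";",
# whitespace around names and values (including header folding) is not
# significant, a trailing ";" is permitted, duplicate tags make the list
# invalid, and tags a verifier does not recognise MUST be ignored.
TAG_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")

# Base64-valued tags: folding whitespace inside the value is dropped.
BASE64_TAGS = {"b", "bh", "p"}

# Tags registered for the DKIM-Signature header field (RFC 6376, Section 3.5)
# and for the DNS key record (Section 3.6.1).
SIGNATURE_TAGS = {"v", "a", "b", "bh", "c", "d", "h", "i", "l", "q", "s", "t", "x", "z"}
SIGNATURE_REQUIRED = ["v", "a", "b", "bh", "d", "h", "s"]
KEY_RECORD_TAGS = {"v", "h", "k", "n", "p", "s", "t"}

# The DKIM-Signature value of this message, as rendered by the list archive
# (the b= value shows the folding whitespace a parser has to tolerate).
SIGNATURE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1589217715; "
    "bh=srJrToznBMHui7Jbq+ncN1jIDkj5BWcRqNhKmylFgQs=; l=1200; h=To:From:Date; "
    "b=Biw6fe+b6OwB7W8trkR0nxAXubI2B0opeY56fjagv/flPOtlTVh3EKJn0i+RmEBB/ "
    "ZetsBZt2hMsuE+f961s3B3f6GKNiH5u5xEjn1U+49A7idgYayKH7suaGkXiWcp9scv "
    "YtLVE59JRKoTl62+UGw3yEStI7PCPJDYKdG/BSGsZU9qH70oRXqyYeKgunds6"
)

# Constructed key record carrying the proposed (unregistered) aim= tag.
# p= is a dummy base64 string, not a real public key.
KEY_RECORD = "v=DKIM1; k=rsa; aim=author; p=QUJDREVGR0g=;"


def parse_tag_list(text: str) -> Dict[str, str]:
    """Parse a DKIM tag=value list into a dict, rejecting malformed input."""
    tags: Dict[str, str] = {}
    for part in text.split(";"):
        if not part.strip():
            continue  # empty segment, e.g. the permitted trailing ";"
        name, sep, value = part.partition("=")  # split at the first "=" only,
        if not sep:                              # so base64 padding survives
            raise ValueError(f"tag without '=': {part.strip()!r}")
        name = name.strip()
        if not TAG_NAME_RE.match(name):
            raise ValueError(f"invalid tag name {name!r}")
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        value = value.strip()
        if name in BASE64_TAGS:
            value = "".join(value.split())  # drop folding whitespace
        tags[name] = value
    return tags


def missing_required(tags: Dict[str, str],
                     required: Iterable[str] = SIGNATURE_REQUIRED) -> List[str]:
    """Required tags absent from the list, in specification order."""
    return [t for t in required if t not in tags]


def unknown_tags(tags: Dict[str, str], known: Set[str]) -> Set[str]:
    """Tags the verifier does not recognise; RFC 6376 says to ignore them."""
    return set(tags) - known


def signature_notes(tags: Dict[str, str]) -> List[str]:
    """Defender-side observations about a parsed DKIM-Signature."""
    notes = [f"missing required tag {t}=" for t in missing_required(tags)]
    if tags.get("v") not in (None, "1"):
        notes.append(f"unsupported version v={tags['v']}")
    if "l" in tags:
        # RFC 6376, Section 8.2: a body length limit leaves any trailing
        # content after l= octets unsigned, so verifiers should treat it
        # with care.
        notes.append(f"body length limit l={tags['l']} leaves trailing body unsigned")
    for t in sorted(unknown_tags(tags, SIGNATURE_TAGS)):
        notes.append(f"unknown tag {t}= ignored")
    return notes


if __name__ == "__main__":
    sig = parse_tag_list(SIGNATURE_HEADER)
    print("signature:", {k: (v[:16] + "...") if len(v) > 16 else v for k, v in sig.items()})
    for note in signature_notes(sig):
        print("  note:", note)
    key = parse_tag_list(KEY_RECORD)
    print("key record unknown tags (ignored):", unknown_tags(key, KEY_RECORD_TAGS))
```

Running it parses the message's own signature cleanly, reports no missing tags, flags the l=1200 body limit as a caveat, and shows that aim= in the key record is simply set aside as unrecognised, which is the compatibility property a new tag relies on.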