[ietf-dkim] DKIM 3rd party Authorization using DKIM-Conditional

Hector Santos <hsantos@isdg.net> Tue, 13 February 2018 03:37 UTC

On 2/12/2018 12:40 PM, John R. Levine wrote:
> Just for fun I sent in a new I-D of the dkim-conditional draft that
> takes out version numbers and adds feature tags in a backward
> compatible way.
> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/


But just for fun?  I wish you would believe more in your work. Take it
more seriously.  If you had done so with ADSP, while we might be at the
same position today with its replacement DMARC, we would at least
have saved a number of IETF man-years as well.  Same problem then today.
But perhaps the author still doesn't really believe in the policy 
model, yet does these types of DKIM Policy proposals.

I would rather work on this proposal (over ARC) because it directly
addresses the key principle DKIM POLICY problem regarding the lack of 
a 3rd party resigning authorization mechanism with minimum code change 
and expense.  It offers a bigger bang for the buck leveraging years of 
IETF DKIM Policy Model R&D already done.   We just didn't have the 
POLICY advocates back then as we do today. So perhaps this time it can 
be different with some of the past policy advocates posting again.

But since we seem to have a curious aversion towards optimizing the
solution using a simple DNS lookup, i.e. DMARC+ATPS, the DKIM 
conditional 3rd party authorization derivative would be the next best 

This work should be taken seriously with first the author believing in
his work.


