Re: [ietf-smtp] DKIM encryption, was Request for discussion

"Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl> Fri, 18 October 2013 20:18 UTC

Return-Path: <R.E.Sonneveld@sonnection.nl>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E57611E81E8 for <ietf-smtp@ietfa.amsl.com>; Fri, 18 Oct 2013 13:18:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 37ZMATum+bNP for <ietf-smtp@ietfa.amsl.com>; Fri, 18 Oct 2013 13:18:01 -0700 (PDT)
Received: from mx20.mailtransaction.com (mx20.mailtransaction.com [78.46.16.213]) by ietfa.amsl.com (Postfix) with ESMTP id 7C13F11E8312 for <ietf-smtp@ietf.org>; Fri, 18 Oct 2013 13:17:43 -0700 (PDT)
Received: from mx14.mailtransaction.com (mx11.mailtransaction.com [88.198.59.230]) by mx20.mailtransaction.com (Postfix) with ESMTP id 3d1dpG1zSNz1L8fV; Fri, 18 Oct 2013 22:17:42 +0200 (CEST)
Received: from jaguar.sonnection.nl (D57E1702.static.ziggozakelijk.nl [213.126.23.2]) by mx14.mailtransaction.com (Postfix) with ESMTP id 3d1dpG0dvhz5MhXF; Fri, 18 Oct 2013 22:17:42 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by jaguar.sonnection.nl (Postfix) with ESMTP id B134D12315A; Fri, 18 Oct 2013 22:17:41 +0200 (CEST)
X-Virus-Scanned: amavisd-new at sonnection.nl
Received: from jaguar.sonnection.nl ([127.0.0.1]) by localhost (jaguar.sonnection.nl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id LzR-ozfCInhi; Fri, 18 Oct 2013 22:17:38 +0200 (CEST)
Received: from [192.168.1.49] (unknown [192.168.1.49]) by jaguar.sonnection.nl (Postfix) with ESMTPSA id 36476122EA4; Fri, 18 Oct 2013 22:17:38 +0200 (CEST)
Message-ID: <52619761.5040204@sonnection.nl>
Date: Fri, 18 Oct 2013 22:17:37 +0200
From: "Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl>
Organization: Sonnection B.V.
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: John Levine <johnl@taugh.com>, ietf-smtp@ietf.org
References: <20131017190852.35728.qmail@joyce.lan>
In-Reply-To: <20131017190852.35728.qmail@joyce.lan>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sonnection.nl; s=2009; t=1382127462; bh=vl562otQ1vAupqDQc9xFypCADaLwtDGftMFxagt2sb4=; h=Message-ID:Date:From:To:Subject:From; b=nSOceLW2xhA9SSrzsOkHCigPa88SXHg60YtJvKNkoKtzHEoDSmKj76qHuDQ/fe0+O rEnMqqFbiBvxKMLHQDqpLp/BJyZ1Ko6McP4aEcCE9ACwBiR9HUsTpc1Vt7i9Vzf2Ok bd607OhyUx8XViadrJ7cs+8W7BpXOCN8LdAPgiAk=
DKIM-Filter: OpenDKIM Filter v2.8.2 mx20.mailtransaction.com 3d1dpG1zSNz1L8fV
Subject: Re: [ietf-smtp] DKIM encryption, was Request for discussion
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: R.E.Sonneveld@sonnection.nl
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-smtp>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Oct 2013 20:18:06 -0000

On 10/17/2013 09:08 PM, John Levine wrote:
>>> I'm in for spec writing and doing implementation experiments.
> I'll write something up for the DKIM thing.

DKIM is the abbreviation of DomainKeys _Identified_ Mail. I agree with 
others that the term 'DKIM' cannot be used for this new protocol, the 
authors of DKIM have always tried to limit the scope of DKIM in many 
discussions on ietf-dkim, with the result of DKIM being defined as:

    DomainKeys Identified Mail (DKIM) permits a person, role, or
    organization that owns the signing domain to claim some
    responsibility for a message by associating the domain with the
    message.


If, nonetheless, the consensus would be to use DKIM for this new 
protocol in order to be able to benefit from the fact that DKIM is 
well-known and has a large installed base, then in my view 'DKIM' would 
need to be redefined, for example to refer to 'DomainKeys Internet 
Mail'. In which case there's an awful lot of work to do to either 
explain the two incarnations of DKIM, or to come up with one combined 
standard describing both types of usage of DKIM (similar to S/MIME which 
covers both signing and encryption).

> If anyone actually
> understands PGP or S/MIME (you can stop laughing now) help would be
> appreciated, since I want to borrow as much as possible from one of
> them to avoid inventing my own probably broken crypto scheme.

As for the part that describes storage of the keys in DNS I'd suggest 
taking a look at DANE [1]. Looking at DANE and a number of new related 
drafts [2], [3], [4], together with this new draft John will write, and 
given the fact that in the future there probably will be more protocols 
with a need to store keys in DNS, it seems to me that there is a need to 
unify all of these DNS key storage schemes.

/rolf

[1] http://tools.ietf.org/html/rfc6698
[2] http://tools.ietf.org/html/draft-wouters-dane-openpgp-00
[3] http://tools.ietf.org/html/draft-ietf-dane-smime-02
[4] http://tools.ietf.org/html/draft-wouters-dane-otrfp-00
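The message above touches on two things a practitioner may want to see concretely: what a DKIM signature actually claims (responsibility of the signing domain for a set of headers and the body hash) and how DKIM already stores its keys in DNS (a TXT record at `<selector>._domainkey.<domain>`). The following is an added example, not code from the ietf-smtp thread or from any DKIM implementation. It parses the DKIM-Signature header carried by this very archived message, derives the DNS name a verifier would query, reports which headers are covered (and which are not), and checks the signature and body-hash lengths. The DKIM key TXT record is constructed for illustration; the real record for selector 2009 at sonnection.nl is not on the page.

```python
"""Inspect the DKIM-Signature on this archived message and locate its key.

Added example, not code from the ietf-smtp thread or from any DKIM
implementation. DKIM_SIGNATURE is copied from this message's headers; the
DKIM key TXT record is CONSTRUCTED (the real record for selector 2009 at
sonnection.nl is not on the page).
"""
import base64
import re
from typing import Dict, List

# DKIM-Signature header value as it appears on the archived message.
DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=sonnection.nl; s=2009; "
    "t=1382127462; bh=vl562otQ1vAupqDQc9xFypCADaLwtDGftMFxagt2sb4=; "
    "h=Message-ID:Date:From:To:Subject:From; "
    "b=nSOceLW2xhA9SSrzsOkHCigPa88SXHg60YtJvKNkoKtzHEoDSmKj76qHuDQ/fe0+O "
    "rEnMqqFbiBvxKMLHQDqpLp/BJyZ1Ko6McP4aEcCE9ACwBiR9HUsTpc1Vt7i9Vzf2Ok "
    "bd607OhyUx8XViadrJ7cs+8W7BpXOCN8LdAPgiAk="
)

# CONSTRUCTED stand-in for the TXT record a verifier would fetch from DNS;
# the p= value is a placeholder, not a real public key.
CONSTRUCTED_KEY_TXT = "v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEYBASE64=="

# Subset of header names present on the archived message (for the coverage check).
HEADERS_PRESENT = ["Return-Path", "Message-ID", "Date", "From", "To",
                   "Reply-To", "Subject", "Content-Type", "MIME-Version"]


def parse_tag_list(value: str) -> Dict[str, str]:
    """Parse an RFC 6376 tag=value list. Folding whitespace inside a value
    (b= and bh= are usually wrapped across lines) carries no meaning and
    is removed; only the first '=' separates tag from value, so base64
    padding inside b= is preserved."""
    tags: Dict[str, str] = {}
    for item in value.split(";"):
        if not item.strip():
            continue
        name, _, val = item.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_record_name(tags: Dict[str, str]) -> str:
    """DNS name of the public key record: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def signed_headers(tags: Dict[str, str]) -> List[str]:
    """Header fields covered by the signature, in h= order."""
    return [h.strip() for h in tags["h"].split(":")]


def oversigned_headers(tags: Dict[str, str]) -> List[str]:
    """Headers listed more than once in h=. Listing a header one extra time
    signs its absence, so a second instance added later (e.g. another
    From:) invalidates the signature."""
    names = [h.lower() for h in signed_headers(tags)]
    return sorted({n for n in names if names.count(n) > 1})


def unsigned_headers(tags: Dict[str, str], present: List[str]) -> List[str]:
    """Headers present in the message that the signature does not cover and
    that can therefore change in transit without affecting verification."""
    covered = {h.lower() for h in signed_headers(tags)}
    return [h for h in present if h.lower() not in covered]


def signature_bits(tags: Dict[str, str]) -> int:
    """RSA signature length in bits, which equals the signing key's modulus size."""
    return len(base64.b64decode(tags["b"])) * 8


def body_hash_bits(tags: Dict[str, str]) -> int:
    """Length of the body hash in bits (256 for the sha256 in a=rsa-sha256)."""
    return len(base64.b64decode(tags["bh"])) * 8


def parse_key_record(txt: str) -> Dict[str, str]:
    """Validate the DKIM key record a verifier fetches at key_record_name()."""
    rec = parse_tag_list(txt)
    if rec.get("v", "DKIM1") != "DKIM1":
        raise ValueError("not a DKIM1 key record")
    if rec.get("k", "rsa") != "rsa":
        raise ValueError(f"unsupported key type {rec['k']}")
    if not rec.get("p"):
        raise ValueError("empty p=: the key has been revoked")
    return rec


if __name__ == "__main__":
    sig = parse_tag_list(DKIM_SIGNATURE)
    print("key record    :", key_record_name(sig))
    print("signed headers:", signed_headers(sig))
    print("oversigned    :", oversigned_headers(sig))
    print("not covered   :", unsigned_headers(sig, HEADERS_PRESENT))
    print("RSA bits      :", signature_bits(sig))
    print("body hash bits:", body_hash_bits(sig))
    print("key type      :", parse_key_record(CONSTRUCTED_KEY_TXT)["k"])
```

Two things the output makes visible on this message: the signer lists `From` twice in `h=`, so a second From header could not be appended without breaking the signature, while `Reply-To` is not signed at all (the list software is free to add it, as it did here); and the `b=` value decodes to 128 bytes, i.e. a 1024-bit RSA key, which is the minimum a verifier accepts today. Actual verification would fetch the TXT record at the derived name, canonicalize the listed headers with `c=relaxed` and the body with `simple`, and check `b=` over them; the constructed record here only demonstrates the record format and the revocation convention of an empty `p=`.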