[doseta-discuss] suggestions/concerns on spec
Bill Burke
bburke at redhat.com
Thu Jun 2 12:09:58 PDT 2011
On 6/2/11 2:33 PM, J.D. Falk wrote:
> On Jun 2, 2011, at 11:04 AM, Bill Burke wrote:
>
>> One of the problems I had was to actually find somebody that has deployed DKIM. I could not find anybody as of yet.
>
> That's surprising. There are thousands of deployments, going back 5+ years.
>
> Perhaps try the IETF DKIM Working Group? http://tools.ietf.org/wg/dkim/
>
>> The people I talked to thought using DNS was an interesting idea, but the biggest concern was the lack of knowledge/deployment of DNSSEC. Security sounds like it might be an issue with public key publication. I don't know enough about DNS to say whether or not something like DNSSEC would be required to ensure the integrity of the public key you are obtaining to verify a signature.
>
> http://tools.ietf.org/html/rfc5863#section-3.2 mentions DNSSEC briefly. I'm not sure how widespread the DNSSEC+DKIM combination is today, though.
>
I found it strange too. I knew DKIM was widely used, but I couldn't
find anybody at Red Hat that knew something about it other than basic
knowledge. Granted, I could have just been ignored on the internal
company-wide mail list. Also in my division (JBoss) we're all
enterprise middleware developers and know little about deploying email
solutions.
>> - A very generic signature header specification that describes how the signature header is created, canonicalized, and how the hash and signing algorithms are applied. Very few fields should be required. And only a few defined (like bh, v, h only). Some of the people I talked to are interested in a signature header spec, but uninterested in DKIM. Like for instance, they want to be able to use a signature header to sign requests and not necessarily a body. It would be good to define something that people can refer to and innovate with on their own for their own purposes.
>
> Isn't that what DOSETA is?
>
DOSETA pulls in public key propagation. Requires a bh field (you might
want to sign headers but no body). I'd like to see that stuff split off
and/or optional.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com