DomainKeys Identified Mail (DKIM) Service Overview
draft-ietf-dkim-overview-12
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2009-06-01
|
12 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2009-06-01
|
12 | (System) | IANA Action state changed to No IC from In Progress |
2009-06-01
|
12 | (System) | IANA Action state changed to In Progress |
2009-06-01
|
12 | Amy Vezza | IESG state changed to Approved-announcement sent |
2009-06-01
|
12 | Amy Vezza | IESG has approved the document |
2009-06-01
|
12 | Amy Vezza | Closed "Approve" ballot |
2009-05-30
|
12 | (System) | New version available: draft-ietf-dkim-overview-12.txt |
2009-05-22
|
12 | (System) | Removed from agenda for telechat - 2009-05-21 |
2009-05-21
|
12 | Cindy Morgan | State Changes to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation by Cindy Morgan |
2009-05-21
|
12 | Jari Arkko | [Ballot comment] I want to discuss this on the call: > Mail that is > not signed by DKIM is handled in the same way … [Ballot comment] I want to discuss this on the call: > Mail that is > not signed by DKIM is handled in the same way as it was before DKIM > was defined. Isn't this a contradiction to what the signing practices model does? That is, if the signing practices claim that all mail is signed by DKIM, and this particular message has no DKIM signature, aren't we throwing the message away? Also: > service as its key server technology. [RFC4871] It permits Odd use of the reference. Which sentence does the reference belong to? |
2009-05-21
|
12 | Jari Arkko | [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko |
2009-05-21
|
12 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2009-05-21
|
12 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel |
2009-05-21
|
12 | Adrian Farrel | |
2009-05-21
|
12 | Jari Arkko | [Ballot comment] > service as its key server technology. [RFC4871] It permits Odd use of the reference. Which sentence does the reference … [Ballot comment] > service as its key server technology. [RFC4871] It permits Odd use of the reference. Which sentence does the reference belong to? |
2009-05-21
|
12 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2009-05-21
|
12 | Tim Polk | [Ballot comment] In Figure 1, the flow from the "Assessments" box is non-deterministic; it appears the next step could be "Check Signing Practices" or "Message … [Ballot comment] In Figure 1, the flow from the "Assessments" box is non-deterministic; it appears the next step could be "Check Signing Practices" or "Message Filtering Engine". The supporting text in Section 5.5 did not clarify the situation. I would suggest labeling the diagram or adding explanatory text in 5.5. |
2009-05-21
|
12 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
2009-05-20
|
12 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2009-05-20
|
12 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2009-05-20
|
12 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2009-05-19
|
12 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2009-05-19
|
12 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2009-05-16
|
12 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded by Alexey Melnikov |
2009-05-16
|
12 | Alexey Melnikov | [Ballot comment] 1. Introduction [...] DKIM allows an organization to take responsibility for a message, in a way that can be verified by … [Ballot comment] 1. Introduction [...] DKIM allows an organization to take responsibility for a message, in a way that can be verified by a recipient. The organization can be a direct handler of the message, such as the author's, the originating sending site's or an intermediary's along the transit path. However it can also be and indirect handler, such as an independent service that is providing assistance to a direct handler. DKIM defines a domain-level digital signature authentication framework for email through the use of public-key cryptography and using the domain name service as its key server technology. [RFC4871] It permits I think the reference is meant to be before the dot. verification of the signer of a message, as well as the integrity of its contents. DKIM will also provide a mechanism that permits potential email signers to publish information about their email signing practices; this will permit email receivers to make additional assessments of unsigned messages. DKIM's authentication of email identity can assist in the global control of "spam" and "phishing". 1.2. Prior Work [...] There have been four previous IETF Internet Mail signature standards. Their goals have differed from those of DKIM. The first two are only of historical interest. Actually, I think the 2nd and the 3rd are of historical interest. I.e. OpenPGP is still in use. o Pretty Good Privacy (PGP) was developed by Phil Zimmermann and first released in 1991. A later version was standardized as OpenPGP. [RFC2440] [RFC3156] [RFC4880] o Privacy Enhanced Mail (PEM) was first published in 1987. [RFC0989] o PEM eventually transformed into MIME Object Security Services (MOSS) in 1995. [RFC1848] [RFC1991] RFC 1991 is "PGP Message Exchange Formats". Is it the correct reference here? o RSA Security independently developed Secure MIME (S/MIME) to transport a PKCS #7 data object. It was standardized as [RFC3851] 2.2. Enabling Trust Assessments [...] In order to formulate reputation information, an accurate, stable identifier is needed. Otherwise, the information might not pertain to the identified organization's own actions. When using an IP Address, accuracy is based on the belief that the underlying Internet infrastructure supplies an accurate address. When using domain based reputation data, some other form of verification is needed, since it is not supplied independently by the infrastructure Missing dot. 3.1.1. Use Domain-level granularity for assurance [...] Contrast this with OpenPGP and S/MIME, which associate verification with individual authors, using their using full email addresses. I think the second "using" should be deleted from this sentence. 3.1.4. Distinguish the core authentication mechanism from its derivative uses An authenticated identity can be subject to a variety of assessment policies, either ad hoc or standardized. DKIM separates basic authentication from assessment. The only semantics inherent to a DKIM signature is that the signer is asserting some kind of responsibility for the message. Any interpretation of this kind of responsibility is the job of services building on DKIM, but the details are beyond the scope of that core. One such mechanism might assert a relationship between the SDID and the author, as specified in the From: header field's domain identity.[RFC5322] Another might I think "[RFC5322]" should be before the dot. specify how to treat an unsigned message with that From: field domain. |
2009-05-12
|
12 | Pasi Eronen | Placed on agenda for telechat - 2009-05-21 by Pasi Eronen |
2009-05-12
|
12 | Pasi Eronen | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Pasi Eronen |
2009-05-12
|
12 | Pasi Eronen | [Ballot Position Update] New position, Yes, has been recorded for Pasi Eronen |
2009-05-12
|
12 | Pasi Eronen | Ballot has been issued by Pasi Eronen |
2009-05-12
|
12 | Pasi Eronen | Created "Approve" ballot |
2009-05-08
|
12 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2009-05-08
|
12 | Pasi Eronen | State Change Notice email list have been change to stephen.farrell@cs.tcd.ie, barryleiba@computer.org, draft-ietf-dkim-overview@tools.ietf.org from dkim-chairs@tools.ietf.org, draft-ietf-dkim-overview@tools.ietf.org |
2009-05-08
|
12 | Pasi Eronen | Note field has been cleared by Pasi Eronen |
2009-05-01
|
12 | Amanda Baber | IANA comments: As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
2009-04-24
|
12 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Nicolas Williams |
2009-04-24
|
12 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Nicolas Williams |
2009-04-24
|
12 | Amy Vezza | Last call sent |
2009-04-24
|
12 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2009-04-24
|
12 | Pasi Eronen | State Changes to Last Call Requested from Publication Requested by Pasi Eronen |
2009-04-24
|
12 | Pasi Eronen | Last Call was requested by Pasi Eronen |
2009-04-24
|
12 | (System) | Ballot writeup text was added |
2009-04-24
|
12 | (System) | Last call text was added |
2009-04-24
|
12 | (System) | Ballot approval text was added |
2009-04-20
|
11 | (System) | New version available: draft-ietf-dkim-overview-11.txt |
2008-10-29
|
12 | Pasi Eronen | PROT Write-Up (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this … PROT Write-Up (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? --------------------------------------------------------------------- The document shepherd is Barry Leiba. Yes, I have reviewed it, and it is ready. --------------------------------------------------------------------- (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? --------------------------------------------------------------------- It has had good review by the working group. I don't anticipate issues from outside the working group, and I'm not concerned with the level of review. --------------------------------------------------------------------- (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? --------------------------------------------------------------------- No. --------------------------------------------------------------------- (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. --------------------------------------------------------------------- No concerns, and no IPR issues specifically with this document. There is an IPR disclosure on the base DKIM spec (RFC 4871) that readers of this document should be aware of. See https://datatracker.ietf.org/ipr/920/ --------------------------------------------------------------------- (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? --------------------------------------------------------------------- There is clear WG consensus in the working group as a whole. --------------------------------------------------------------------- (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) --------------------------------------------------------------------- No. --------------------------------------------------------------------- (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? --------------------------------------------------------------------- There are three I-D nits remaining, as well as a handful of editorial nits, all of which can be fixed in AUTH48. I'll send the editorial nits to the authors separately. I-D nits: 1. There's an unused informative reference to draft-kucherawy-sender-auth-header-15 There's been an update to that draft, but the reference should probably come out anyway, or else it should be referred to somewhere. 2. The document references RFC 2821, which has now been obsoleted by RFC 5321. 3. The document references RFC 2822, which has now been obsoleted by RFC 5322. --------------------------------------------------------------------- (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. --------------------------------------------------------------------- All references are informative, and are so labelled. --------------------------------------------------------------------- (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? --------------------------------------------------------------------- There are no IANA actions for this document, and the IANA Considerations section so states. --------------------------------------------------------------------- (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? --------------------------------------------------------------------- There are no formal specification languages used. --------------------------------------------------------------------- (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. --------------------------------------------------------------------- This document provides a description of the architecture and functionality for DomainKeys Identified Mail (DKIM). It is intended for those who are adopting, developing, or deploying DKIM. It will also be helpful for those who are considering extending DKIM, either into other areas of use or to support additional features. This overview does not provide information on threats to DKIM or email, or details on the protocol specifics, which can be found in [RFC4686] and [RFC4871], respectively. The document assumes a background in basic email and network security technology and services. --------------------------------------------------------------------- Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? --------------------------------------------------------------------- Nothing needing noting. This document provides implementation and deployment advice. The controversies appeared in the development of the protocols that it describes, not in this document. --------------------------------------------------------------------- Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? --------------------------------------------------------------------- None of these specific questions apply. The document is of good quality. --------------------------------------------------------------------- |
2008-10-29
|
12 | Pasi Eronen | Draft Added by Pasi Eronen in state Publication Requested |
2008-07-12
|
10 | (System) | New version available: draft-ietf-dkim-overview-10.txt |
2008-02-25
|
09 | (System) | New version available: draft-ietf-dkim-overview-09.txt |
2008-02-11
|
08 | (System) | New version available: draft-ietf-dkim-overview-08.txt |
2007-11-18
|
07 | (System) | New version available: draft-ietf-dkim-overview-07.txt |
2007-11-12
|
06 | (System) | New version available: draft-ietf-dkim-overview-06.txt |
2007-06-11
|
05 | (System) | New version available: draft-ietf-dkim-overview-05.txt |
2007-03-08
|
04 | (System) | New version available: draft-ietf-dkim-overview-04.txt |
2006-10-25
|
03 | (System) | New version available: draft-ietf-dkim-overview-03.txt |
2006-10-24
|
02 | (System) | New version available: draft-ietf-dkim-overview-02.txt |
2006-06-27
|
01 | (System) | New version available: draft-ietf-dkim-overview-01.txt |
2006-06-22
|
00 | (System) | New version available: draft-ietf-dkim-overview-00.txt |