Re: Trust Annotation Support: msg#00525ietf.dkim
On Apr 26, 2006, at 12:32 PM, J.D. Falk wrote:

On 2006-04-25 08:51, Douglas Otis wrote:

This is making these assumptions:

1) A list of well-known and trustworthy domains can be compiled and freely distributed.
2) Few well-known domains are comprised exclusively of only well vetted sources.
3) A recipient can not reliably recognize email-addresses.
4) Trust is not easily managed at the email-address.

Assume MUA clients offer an ability to annotate messages based upon the DKIM signature. A signed message from a major service provider will not offer much in the way of trust. Millions of poorly vetted users will have their messages signed by this well known domain. The same problem exists to a lesser degree when temporary workers obtain email-addresses within well known institutions. When both halves of the email-address (right and left) are internationalized, the recipient will also be unable to recognize the email-address due to extensive character repertoires available allowing many, many look-alikes.

Keep the list of well-known domains manageable. Such a list should comprise the majority of critical transactional messages a recipient would normally see. Without a means to differentiate internal sources, this list of well-known domains will become significantly diffused (expanded) when either hyphenated or sub-domain names are utilized to differentiate the source being trusted. When splitting the domain, the domain-name a provider may wish to have trusted would in fact not be well-known. This bifurcation of domains, for purposes of re-establishing trust, will dilute brand recognition, confuse consumers, and play into the hands of phishers. For example, a provider "bigisp.com" might send administrative messages from either "bigisp-inc.com" or "admin.bigisp.com". Their customers should be wary of accepting these alternative, less known domains as more trustworthy.

Being able to differentiate better vetted sources _within_ the well-known domain restores a level of trust when messages are both signed by the well-known domain, and also marked as restricted (either transactional or administrative). This assumes the well-known domain protects this trust by limiting access to these special keys (denoted by special selectors). The well known service provider or institution could have their administrative or transactional messages obtain a trust annotation, without fearing one of their millions of customers or less trustworthy employees will spoof other customers by sending a hazardous message asking to apply a browser plug-in, for example.

-Doug
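
The annotation rule argued for in this message, sketched as an added example that is not part of the original post or of any DKIM implementation. The `WELL_KNOWN` table, the selector names `admin` and `billing`, and the annotation labels are assumptions; cryptographic verification of the signature is assumed to have been done elsewhere and is passed in as a flag.

```python
import re

# Assumption: a recipient-side list of well-known domains, each mapped to the
# selectors that domain reserves for restricted (administrative/transactional)
# keys. The domain is the one named in the message; selectors are hypothetical.
WELL_KNOWN = {"bigisp.com": {"admin", "billing"}}

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict, folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # base64 values may contain '='
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def annotate(header_value, signature_verified):
    """Decide what an already-verified signature is worth to the recipient."""
    if not signature_verified:
        return "unsigned-or-invalid"
    tags = parse_dkim_tags(header_value)
    domain = tags.get("d", "").lower().rstrip(".")
    selector = tags.get("s", "").lower()
    restricted = WELL_KNOWN.get(domain)
    if restricted is None:
        # Exact match only: hyphenated and sub-domain variants of a listed
        # domain are not themselves well-known, so they earn no annotation.
        return "signed-unknown-domain"
    if selector in restricted:
        return "trusted-restricted-source"
    # Valid signature from the well-known domain, but with an ordinary key
    # that any of its many users' messages would also be signed with.
    return "signed-well-known-domain"

# Constructed sample headers (tag values are placeholders, not real signatures).
SAMPLES = [
    "v=1; a=rsa-sha256; d=bigisp.com; s=admin; h=from:subject; b=PLACEHOLDER",
    "v=1; a=rsa-sha256; d=bigisp.com; s=users; h=from:subject; b=PLACEHOLDER",
    "v=1; a=rsa-sha256; d=bigisp-inc.com; s=admin; h=from; b=PLACEHOLDER",
    "v=1; a=rsa-sha256; d=admin.bigisp.com; s=admin; h=from; b=PLACEHOLDER",
]

def run_samples():
    """Annotate every constructed sample as if its signature had verified."""
    return [annotate(h, True) for h in SAMPLES]

if __name__ == "__main__":
    for header, label in zip(SAMPLES, run_samples()):
        print(f"{label:28} {header}")
```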