Internet Engineering Task Force                          P. Hallam-Baker
Internet-Draft                                              VeriSign Inc
Intended status: Informational                             July 13, 2008
Expires: January 14, 2009


                            DKIM Extensions
                  draft-hallambaker-dkim-extensions-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 14, 2009.

Abstract

   Optional extensions for DKIM are described.  A DKIM Policy statement
   is defined for the policy 'this zone never sends mail'.  The NULL Key
   Algorithm is defined to simplify management of large zones where most
   mail is signed but with important exceptions.  The X509 key record
   extension allows the location from which an X.509v3 certificate for
   the key specified in the record may be obtained.









Hallam-Baker            Expires January 14, 2009                [Page 1]

Internet-Draft               DKIM Extensions                   July 2008


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . . . 3
   2.  NoMail Policy . . . . . . . . . . . . . . . . . . . . . . . . . 3
   3.  NULL Signature Algorithm  . . . . . . . . . . . . . . . . . . . 3
   4.  X509 Certificate Location Extension . . . . . . . . . . . . . . 3
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 4
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
   7.  Security Considerations . . . . . . . . . . . . . . . . . . . . 4
   8.  Normative References  . . . . . . . . . . . . . . . . . . . . . 4
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 4
   Intellectual Property and Copyright Statements  . . . . . . . . . . 5






































Hallam-Baker            Expires January 14, 2009                [Page 2]

Internet-Draft               DKIM Extensions                   July 2008


1.  Introduction

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


2.  NoMail Policy

   The NOMAIL policy is declared in an SSP record using the tag
   "NOMAIL".

   No parameters are specified for the NOMAIL policy.

   If specified the NOMAIL policy states that no mail is sent from the
   domain to which it is attached.  All mail that purports to have been
   sent by that domain MUST be considered suspicious.


3.  NULL Signature Algorithm

   The NULL Signature algorithm is a DKIM signature algorithm that
   always produces the same signature value regardless of the message
   contents.

   A message signed with the NULL signature MUST be treated as if it
   were unsigned for all purposes other than verifying compliance with a
   DKIM policy.  For purposes of policy compliance, a message that
   carries a NULL signature is considered to be compliant if and only if
   it is consistent with the signing restrictions specified in the key
   record.

   A key record that specifies the NULL signature algorithm SHOULD
   specify usage restricted to specific senders.


4.  X509 Certificate Location Extension

   The x509 key record extension specifies a URL from which a
   certificate chain corresponding to the key specified in the key
   record may be obtained.

   The key chain is specified as a CMS SignedData structure with no
   data.





Hallam-Baker            Expires January 14, 2009                [Page 3]

Internet-Draft               DKIM Extensions                   July 2008


5.  Acknowledgements

   The ideas in this document arose from extensive discussions with the
   DKIM working group, in particular Hector Santos and others.


6.  IANA Considerations

   This document requests allocation of a DKIM SSP tag 'NOMAIL'


7.  Security Considerations

   The NOMAIL policy MAY be employed to perform a denial of service
   attack.


8.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.


Author's Address

   Phillip Hallam-Baker
   VeriSign Inc

   Email: pbaker@verisign.com






















Hallam-Baker            Expires January 14, 2009                [Page 4]

Internet-Draft               DKIM Extensions                   July 2008


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.











Hallam-Baker            Expires January 14, 2009                [Page 5]