Hector Santos wrote:
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Now that sounds *very* complicated, or else, very marginal
(in terms of places it could be used).
A bank? Maybe with the growing "e-Medical" market, a doctor? or in general
any high-value domain who will most likely have a Donald Trump "HUGE"
expectation for direct 1 to 1 like exclusivity with no middle ware
tampering.
Ah - fair enough - you could always set aside or setup a subdomain for
this kind of thing to lessen the impact.
There is harm there - we'd at least be creating a new
DoS opportunity where none would exist otherwise, and
that I definitely dislike.
How would this Exclusive (I am the only one to sign) SSP policy DoS work and
if so, why would not there be a defense?
Right now, I'd mostly be concerned about the accidental DoS
where some intermediary also signs. However, I guess if
someone could control mail routing from one of the outbound
(untrusted) MTAs then they could send the mail via an innocent
signer in order to affect the mail, without being easily blamed.
I guess if you could bring down some connection then you
might be able to get mail re-routed from outside.
I believe I've demonstrated a case where this is harmful. I've
yet to see an equivalent demonstration that its useful!
Or more general, where is the DoS where it would not be otherwise today? I
just don't see how we are not defensive minded on DoS across the board, but
for this one, we are?
I hope we consider DoS all the time,
S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html