On Wednesday 30 September 2009 15:21:12 Jim Fenton wrote:
> I'm really hoping that receiving domains don't overreact to ADSP 'all'
> assertions

going off what you said
http://mipassoc.org/pipermail/ietf-dkim/2009q3/012515.html you're hoping
everyone is on the same page.

> ; there is a very large difference between publication of an
> 'all' record and a 'discardable' record.

at least discardable is clear even if it is hard to deploy on human email
populated domains.

> Domains publishing 'all'...
> Verifying/assessing receivers should understand that signatures do get
> broken, so they might want to scrutinize messages that are received
> without a valid author domain signature more carefully when an 'all'
> practice is published
> One way they might do this is to add a positive
> bias to the spam score calculated by SpamAssassin and similar content
> filters.

So a broken cryptographic signature with a dkim=all policy assertion comes
down to a fuzzy filtering policy. And this needs to apply to all received mail
and not just email lists (after all what's a semi-reliable signature of an
email address that won't be abused the second you define it).
is this that can be done?

> This might be counteracted by the presence of a DKIM signature
> from a trusted domain, such as the venerable mipassoc.org.

ok - so similar to what I was talking about with verification. Receivers need to
maintain a trusted third party domain list so that ADSP=all senders can be
received relying on third parties if their signature is broken.
better, but is a bit of a maintenance load.

> The 'discardable' practice is intended only for transactional domains
> and similar domains having very restricted usage patterns.

acknowledge. Though cannot be applied to existing domains that have staff
emails and are a high phishing target.

> A 'discardable' domain probably has no business using mailing lists; many
> of their messages would/should not be delivered.

ack

> I hadn't considered
> the possibility of the mailing list manager software checking ADSP and
> rejecting subscription requests if the subscriber domain publishes
> 'discardable', that might be an interesting idea although of course many
> subscribers don't ever send anything to the lists anyway.

you could just as easily test on mailing list manager reception rather than
subscription.

> To summarize:
> 'all' and 'discardable' are NOT the same
> Please interpret 'all' with the understanding that signatures do get
> legitimately broken (don't overreact)

and apply some random filtering mechanism that cannot tell whether it is
spoofed or not.

> One other comment: One of your earlier messages referred to a missing
> signature as 'fails ADSP really badly'. This implies that a present but
> invalid signature is better than a missing signature.
> Please don't think of it this way,

I wasn't - I definitely was considering invalid the same as missing
treatment-wise.
--
Daniel Black
Infrastructure Administrator
CAcert
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev
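
The receiver-side handling discussed in this message, as an added example that is not part of the original post or of any software it mentions: 'discardable' is acted on directly, 'all' only biases the spam score, an invalid signature counts the same as a missing one, and a valid signature from a trusted third party offsets the bias. The function names, score values, and the example.com domain are assumptions chosen for illustration.

```python
# Assumed values for illustration; a real filter would tune these.
ALL_BIAS = 2.0          # score added when 'all' is published but no author signature verifies
TRUSTED_OFFSET = -2.0   # credit for a valid signature from a trusted third-party domain


def parse_adsp(txt):
    """Return the practice named in an ADSP TXT record; malformed input is 'unknown'."""
    if txt is None or not txt.startswith("dkim"):
        return "unknown"    # RFC 5617: the record must begin with lowercase "dkim"
    name, sep, value = txt.split(";", 1)[0].partition("=")
    if name.strip() != "dkim" or not sep:
        return "unknown"
    value = value.strip()
    return value if value in ("all", "discardable") else "unknown"


def assess(author_domain, adsp_txt, signatures, trusted_signers):
    """Return (action, score_delta) for one message.

    signatures: (signing_domain, is_valid) pairs already produced by a DKIM verifier.
    Only valid signatures are considered, so a broken signature and a missing
    signature are treated identically.
    """
    valid = {domain.lower() for domain, ok in signatures if ok}
    if author_domain.lower() in valid:
        return ("pass", 0.0)            # valid author domain signature present
    practice = parse_adsp(adsp_txt)
    if practice == "discardable":
        return ("discard", 0.0)         # the domain asked for unsigned mail to be dropped
    if practice == "all":
        delta = ALL_BIAS                # scrutinize more carefully, do not reject outright
        if valid & {t.lower() for t in trusted_signers}:
            delta += TRUSTED_OFFSET     # e.g. a trusted list re-signed the message
        return ("score", delta)
    return ("pass", 0.0)                # 'unknown' or no record: nothing to apply


if __name__ == "__main__":
    trusted = {"mipassoc.org"}
    # Constructed sample: author signature broken in transit, list signature valid.
    sigs = [("example.com", False), ("mipassoc.org", True)]
    print(assess("example.com", "dkim=all", sigs, trusted))
    print(assess("example.com", "dkim=discardable", sigs, trusted))
```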