dkim-ops

Re: [dkim-ops] hammering with a soldering iron, was subdomain vs. cousin domain

2010-09-13 13:32:36
Murray S. Kucherawy wrote:

> Hector wrote:
>
>> No Murray. But perhaps someone should be because the responsibility is
>> now once again shifted from the passive 3rd party signer back to the
>> visible 1st party 8222.From equal d= domain transaction.  As far as
>> the potential millions of potential receivers are concerned, the Author
>> Domain is once again responsible for signing the message.
>
> And rightly so, in this scenario.  But even if it's a visible
> third-party delegation, now the From: is associated with a third-party
> and a bad signature.  Are you saying that's better?  If so, based on what?

If anything Murray, traceability - verifiers and assessors would know
who is the responsible signer and it isn't the principal author domain.

In the advent of this anticipated new reputation scoring market, it
would be the primary domain at risk - not the passive 3PS service.
The 3PS domain is protected from harm while collecting the bucks. :)

>> Worse, when the signature fails, the wrong domain brand and unknown
>> reputation scoring across receivers is negatively hurt.
>
> That would be a poor implementation.  A failed signature is supposed
> to be treated as no signature.

But why would not a national food/entertainment store chain (one you 
would know of if you have/had kids) outsourcing their "Get free 
tokens" and coupon spams to their few million subscribers be concerned
or at least find out if their payoff is being minimized or could be
potentially minimized in the near future with these faults?

Hence we are back to the policy question again. I always felt this RFC
4871 mandate - a policy mind you in its own right, was molded because 
of SSP and remained when SSP was split from DKIM.  But the more we 
deemphasize policy, the more pressure we have to keep broken 
signatures for "reputation" or heuristic assessors and worse, design
pressures to consider the even more drastic changing the 5322.From to 
match the last signer in the mail path either because of ADSP or to 
provide the "positive appearance of 1st party mail."

It's a vicious cycle. We'll figure it out one day. :)

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
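
The two positions in this exchange, shown as an added Python example that is not part of the thread or either poster's code: an assessor that drops every non-passing signature before attributing the message to anyone, then splits the remaining signers into first party (d= equals the From: domain) and third party. The `assess` function, the report keys, the sample message and the per-signature results list are all assumptions constructed for illustration; cryptographic verification is assumed to have happened upstream.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict (folding whitespace stripped)."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def assess(raw_message, results):
    """Classify signers. `results` holds one verifier outcome per DKIM-Signature
    header, in header order (hypothetical input from an upstream verifier)."""
    msg = message_from_string(raw_message)
    author = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    report = {"author_domain": author, "first_party": [],
              "third_party": [], "ignored": []}
    for header, result in zip(msg.get_all("DKIM-Signature", []), results):
        d = parse_tags(header).get("d", "").lower()
        if result != "pass":
            # Failed signature is treated as no signature: the d= domain is
            # recorded for logging only and must not feed any reputation score.
            report["ignored"].append(d)
        elif d == author:
            report["first_party"].append(d)   # Author Domain signed and verified
        else:
            report["third_party"].append(d)   # accountable signer is not the author
    return report

# Constructed sample: a sending service and the author domain both sign.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=k1;\n"
    "\th=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=store.example; s=promo;\n"
    "\th=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: Coupons <offers@store.example>\n"
    "Subject: Get free tokens\n\nbody\n"
)

if __name__ == "__main__":
    # Author-domain signature broke in transit; only the third party remains accountable.
    print(assess(SAMPLE, ["pass", "fail"]))
    # Both verify: the author domain is accountable as first party.
    print(assess(SAMPLE, ["pass", "pass"]))
```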

