ietf-dkim

Re: [ietf-dkim] on the scope and necessity of threat analysis

2005-08-12 16:43:32
Here's what I think (sorry, posting too much I know):

What you need to do is explain what the real problem
you are trying to solve is, and then explain the degree to
which DKIM does or does not solve that problem.

Here's the real problem I would like to solve:  (Domain owner speaking
here):  Recipients of messages from my domain currently have no method of
verifying whether the message conforms to my sending policy or not; nor can
they know whether the content of the messages sent from my domain is as
it was intended to be.  I'd like to be able to solve those problems.
(Email admin speaking here): I'd like to know whether a message I allow into my network
is authorized by the domain owner in the FROM header and I'd like to know
whether the message contains the same content that the signing
domain intended.  Domain-level assurances are good enough for me from both
perspectives.

Here's how I think the degree to which DKIM does solve the problem plays
out:  (Domain owner speaking here) DKIM provides the ability to distinguish
messages that conform with my local policy from those which do not.  It also
provides the ability to spotlight messages which have been altered.  (Email
user speaking here):  DKIM provides the ability to distinguish messages
which conform with the policy of the domain in the FROM header from those
which do not and it spotlights content change.

Here's how I think the "degree to which DKIM does not" solve the problem
plays out:  DKIM does not prevent unauthorized use of any domain.  DKIM does
not mandate or guarantee how messages failing to conform to signing policy
will be handled.  DKIM does not specify how (or even if) an indication of
forgery will be displayed to end users.  DKIM is an input into local policy
decisions.  But it is an important and solid input.

It is unwise to take it as an axiom, or a matter of
faith, that any kind of authentication is a good thing.
We have seen several examples of authentication
systems, both inside and outside of the email world,
that turned out to be a poor fit for many of the
authentication problems that people needed to solve.

Authentication is always and everywhere a good thing but you're right when you say that some authentication techniques fit better than others for various applications. A signature based system seems to me to be the perfect fit for electronic mail.

--
Arvel



_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim