ietf-dkim

Re: [ietf-dkim] on the scope and necessity of threat analysis

2005-08-13 05:11:13
Arvel Hathcock wrote:
> Here's what I think (sorry, posting too much I know):
>
>> What you need to do is explain what the real problem
>> you are trying to solve is, and then explain the degree to
>> which DKIM does or does not solve that problem.
>
> Here's the real problem I would like to solve:  (Domain owner speaking
> here):  Recipients of messages from my domain currently have no method of
> verifying whether the message conforms to my sending policy or not; nor can
> they know whether the content of the messages sent from my domain are as
> they were intended to be.  I'd like to be able to solve those problems.

I think you're still stating this somewhat in terms of DKIM when you refer to "sending policy" because the notion of sending policy is heavily tied to certain assumptions about implementation. Why not simply say that you want recipients to be able to know that a particular message content that purports to be from an author in your domain was written or authorized by that author, that the content of the message is as it was written, and that the transmission of the message to the recipient was authorized?

>> It is unwise to take it as an axiom, or a matter of
>> faith, that any kind of authentication is a good thing.
>> We have seen several examples of authentication
>> systems, both inside and outside of the email world,
>> that turned out to be a poor fit for many of the
>> authentication problems that people needed to solve.
>
> Authentication is always and everywhere a good thing but you're right when you say that some authentication techniques fit better than others for various applications. A signature based system seems to me to be the perfect fit for electronic mail.

Email authentication is not a good thing if either (a) it's such a poor fit for the problems that people need to solve that it costs more (in money or time) than it's worth, (b) it is so easily defeated that it provides a false sense of security, or (c) it provides misleading indications of authentication failure so often as to adversely affect email reliability. I think it can be fixed, but IMHO DKIM is currently in danger of meeting criteria (a) and (c) for being a bad thing.

Keith
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim