ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-14 16:46:30
from [Jon Callas] [Permanent Link] 

1. DKIM makes it easier to detect sender forgery.  The three important
kinds of forgery are:

* Pretending to be someone with a good or neutral reputation to avoid
recognition as someone with a bad reputation (spam)

* Pretending to be someone with a good reputation to take advantage of
that reputation (phish)

* Pretending to be someone with a good reputation to send material
intended to damage that reputation (joe job)

There are other forgery scenarios possible, but these are the ones I
see every day and the ones that seem important to deal with.
I think I'm in violent agreement with you. I'd state it slightly differently.
There is nothing in an ordinary email message except for the RCPT TO line and the IP address of the host that sent it to you (equivalent to the top-most Received header) that is reliable. Anything in an email could have been created by the proverbial monkeys at typewriters while they were on their lunch break from banging out the plays of Shakespeare. Sadly, all too many messages these days were in fact generated by the aforementioned monkeys.
A DKIM signature lets you take some reasonable subset of the message you received and know that it came from a designated source (assuming the signature verifies, of course; monkeys are capable of banging out invalid signatures).
This is more reliability than email has ever had before. This reliablilty has a number of useful side effects. You list three of them above. However, the main benefit of DKIM is that you know where the message came from.
I'm not trying to be twee when I phrase it this way. The reason I am phrasing things this way is that mentioning words like "spam" and "phishing" seems to be a sure-fire way to rathole a discussion about DKIM. 


2.  DKIM avoids depending on endpoints.  That is not to say it can't
be done at endpoints, but its design is tuned to work on mail servers.
The reasons are that endpoints are hard to set up (because there are
so many of them, and they're unmanaged) and usually insecure.

3.  DKIM matches the ways that mail is sent and received.  ISPs can do
DKIM for their users, list management software can do DKIM on mailing
lists, common kinds of forwarding work, etc.



Couldn't agree more with these.

        Jon

_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] a bit of philosophy on working group productivityandscope, Arvel Hathcock
Next by Date:  RE: [ietf-dkim] a bit of philosophy on working groupproductivityandscope, James Scott
Previous by Thread:  [ietf-dkim] Not exactly not a threat analysis, John Levine
Next by Thread:  Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]