ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-16 20:29:31
Hmmn.  I fear I see a lot of searching for our glasses under the
streetlight.

> b) so that if Alice sends an advertisement to Bob, and Bob forwards
> it to a large number of other addresses, it is clear that Bob, not
> Alice is responsible for the messages forwarded by Bob.

Bob is all@mycompany.com, a distribution list with a lot of names on
it.  Alice is Krazy Kevin, who looks for lists he can send spam
through.  Why is Alice off the hook here?  I get tons of mail through
distribution lists, including a lot of spam from Krazy Kevin back when
he was sending spam rather than eating it, and I can't recall ever
seeing a remailing joe job, so this is hardly a hypothetical
counterexample.

> c) (maybe) so if Alice wants to send advertising to Bob with the
> promise that she will pay Bob $1 for reading it, Bob cannot
> distribute the message to N of his friends so that they'll each get
> $1 also.

Hmmn.  Pay to read ads systems already exist, and they work by putting
a unique URL in each message that you can only click once.  Can we
agree that this is not a problem that anyone has asked us to solve?

> I think things need to be as easy to understand as we can make them,
> but not so simple that it misrepresents reality when there's an
> important difference between cases.

I think we're trying to define a scheme that provides a level of
accountability that is useful for evaluating incoming mail, not
something that captures the semantics of every possible relationship
among a group of people.


> Well, DKIM doesn't make it through this list unless you use l=
> and z=. :)

We definitely had this argument before.  You cannot expect signatures
to survive mailing lists (as opposed to courtesy forwards) unless you
loosen the signing algorithm to the point that it will accept
mutations that people wouldn't consider to be the same message, e.g.,
adding new MIME parts.  Even if you do so, lots of lists will still
break the signature.  Look at the way Yahoo groups rewrites its tag
into an HTML formatted or multipart/alternative message, for example.
That's why all of the list survival stuff is optional, and I would be
surprised if many people used it.

R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org
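
Added example, not part of the message above or of the DKIM drafts: a sketch of why l= lets a signature survive an appended list footer but not a list that rewrites the body into a new MIME structure. It assumes the body-hash and l= semantics later published in RFC 6376 ("simple" body canonicalization, SHA-256); header signing and z= are not modeled, the function names are hypothetical, and the sample messages are constructed.

```python
import base64
import hashlib

def canon_simple_body(body: bytes) -> bytes:
    # "simple" body canonicalization: drop trailing empty lines, end with one CRLF.
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body: bytes, length=None) -> str:
    # Hash only the first `length` canonical bytes when l= is present.
    data = canon_simple_body(body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def sign_body(body: bytes, use_l: bool) -> dict:
    # Signer side: with l=, record how many canonical body bytes were signed.
    length = len(canon_simple_body(body)) if use_l else None
    return {"bh": body_hash(body, length), "l": length}

def verify_body(tags: dict, received: bytes) -> bool:
    # Verifier side: a body shorter than l= can never match.
    if tags["l"] is not None and tags["l"] > len(canon_simple_body(received)):
        return False
    return body_hash(received, tags["l"]) == tags["bh"]

def unsigned_tail(tags: dict, received: bytes) -> bytes:
    # Bytes past l= do not affect verification and were never seen by the signer.
    if tags["l"] is None:
        return b""
    return canon_simple_body(received)[tags["l"]:]

# Constructed sample messages (not taken from any real list traffic).
ORIGINAL = b"Hello list,\r\nthis is the text Alice signed.\r\n"
FOOTER = b"_______________\r\nexample mailing list\r\n"
WITH_FOOTER = ORIGINAL + FOOTER
REWRITTEN = (b"--b1\r\nContent-Type: text/plain\r\n\r\n" + ORIGINAL +
             b"--b1\r\nContent-Type: text/html\r\n\r\n<p>list tag</p>\r\n--b1--\r\n")

if __name__ == "__main__":
    strict, loose = sign_body(ORIGINAL, False), sign_body(ORIGINAL, True)
    print("no l=, footer appended :", verify_body(strict, WITH_FOOTER))
    print("l=,    footer appended :", verify_body(loose, WITH_FOOTER))
    print("l=,    MIME rewrite    :", verify_body(loose, REWRITTEN))
    print("unsigned tail under l= :", unsigned_tail(loose, WITH_FOOTER))
```

A verifier that accepts l= can use a non-empty unsigned tail as a signal that part of the body is unauthenticated, which is the loosening the message above warns about.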