ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-23 11:28:22
> Now, Keith will no doubt argue that DKIM is of marginal value at best unless 
we
> extend it into these areas. Simply put, I disagree. For example, even in the
> absence of SSP DKIM at a minimum provides a service that can make
> whitelisting/blacklisting far more reliable.

I strongly disagree.  If DKIM is used in this way it can only address a
one or two of the several problems with blacklists - one of which is
granularity and the other is the frequency with which IP address blocks
  get reassigned to other parties - particularly when they get
blacklisted.  I've seen too many problems with blacklists that were
unrelated to either of these.

Some progress... By your own admission DKIM _does_ address "one or two of the
several prolems". That's good enough for me, especially when attempting to
further is a recipe for disaster. And seem to recall you arguing very
vociferiously a few IETFs back that we need to pursue mutiple mechanisms, each
only capable of solving one or two problems.

Simply put, blacklists lie.  More generally, any time a party (e.g. a
blacklist) is entrusted to make decisions on behalf of a huge number of
parties with diverse interests and needs (recipients), it's going to
make a poor decision a significant fraction of the time.  Some
blacklists are more responsible than others, but I haven't yet seen one
that, if trusted to block mail, doesn't block a significant amount of
legitimate mail.

I don't see how the issue of whether or not it is appropriate to trust third
party accreditation services is in any way relevant to the matter at hand.

                                Ned
_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>