ietf-dkim
[Top] [All Lists]

[ietf-dkim] More of a marketting plan really

2005-08-23 12:18:49
My threat analysis has a rather different starting place. My objective
is not so much to solve a particular problem as to identify a 'killer
application' where there is:

*       A clearly understood pain point.
*       A core constituency that is directly affected by the pain point
and has the ability to bring the necessary resources to bear to solve
it.
*       A reasonably compact technical architecture that does not have
dependencies on undeployed infrastructure.

We are 'lucky' enough to have two such pain points:

*       The cost of running spam filtering systems is very high for the
largest ISPs and for providers of spam filtering services. This cost
could be significantly reduced if there was a better way to identify the
good incoming mail. Signing emails is a much more robust authentication
technique than the simple address based scheme described earlier.
*       Phishing spam that impersonates a trusted brand. A large number
of banks are willing to make a significant investment to sign all their
outgoing emails provided that doing so brings an immediate benefit.

So far DKIM has been driven mostly by the first pain point which does
not require any additional infrastructure.
The second pain point has been touched upon but we are dealling here
with a social engineering attack and DKIM is going to be a component of
a solution rather than a solution in itself but the dealling with that
problem is going to require a trasmission signature and the backing of
TTP services.
 
The real challenge in deployment is to build to critical mass. Once the
scheme has got to the point where it is self sustaining there is no
problem adding additional features. The key is avoiding a dependency
that is going to increase deployment costs and potentially stall
deployment.
The main objection to the initial pain points is that they only affect a
small group and the benefits may not be equitably distributed. This is
particularly the case for the first pain point.
 
_______________________________________________
ietf-dkim mailing list
http://dkim.org
<Prev in Thread] Current Thread [Next in Thread>