ietf-dkim

Re: [ietf-dkim] Re: Forgery complexities

2005-08-29 23:41:23
On Mon, 2005-08-29 at 21:46 -0400, Scott Kitterman wrote:

Would it be fair to characterize your position that DKIM (base and SSP) 
has some potential utility for describing some messages as NOT 
authorized by the mailbox domain, but that its ability to give a 
positive assurance of authorization is limited?

DKIM will increase the leverage afforded abating abuse.  An abuse
problem affects many domains largely due to the prevalence of
compromised systems.  While shared servers represent increased risk,
there is also risk from compromised systems, even within a domain that
constrains which mailbox-domain can be used in the "originating"
headers.

In addition, a signature can be replayed, so this presents a new type of
risk not mitigated with traditional rate limiting.  A significant
advantage that signing the message affords would be with a convention
where the signing domain adds an opaque account identifier that cannot
be forged, but can be separately evaluated.  This would allow
individuals to bind these identifiers with critical entities (conducting
financial transactions perhaps), where there is a desire to
automatically detect future spoofing even within the same domain.

Many may envision an authorization scheme that works in the special case
where there is a direct relationship between the signing-domain and the
originating mailbox-domain.  I envision a generalized scheme that works
without a direct relationship between the signing-domain and the
originating mailbox-domain.  A generalized scheme provides less
administrative effort and adapts quickly to current practices.

Efforts constraining the mailbox-domain to be directly related to the
signing-domain are counterproductive.  These types of constraints will
create situations where there must be a trade-off between being
protected or being able to use email without administrative
difficulties.  In addition, the level of granularity associated with
mailbox-domain authorizations would be less effective at abating abuse
than a granularity that resolves to an account that is independent of
the mailbox-domain.  A type of free-association of relationships, where
the greater point resolution provides improved protections. 

To answer your question, DKIM's great advantage is from the ability to
add new verifiable identifiers.  In comparison, restricting
(authorizing) what servers can sign a mailbox-domain offers less and not
greater protections compared to selective bindings.

-Doug


  
      


_______________________________________________
ietf-dkim mailing list
http://dkim.org