On Oct 5, 2005, at 9:57 AM, Hallam-Baker, Phillip wrote:
I read the threat analysis and agree with the content
I think that we can elaborate the threats against DKIM
indefinitely. The important thing is that the threat analysis in
its current form answers the two major questions relevant at this
point:
* What threat does DKIM defend against
* Given the previous attempts to do this type of work why is DKIM
likely to be more successful?
I agree, there should be greater clarity with regard to realistic
defenses offered by the DKIM mechanism, especially in the third-party
scenario you described.
...
What DKIM does is to allow a party to accept responsibility for an
email message. This is very different to the traditional S/MIME,
PGP, PEM, MOSS objectives.
...
Repudiation offers _minimal_ value when combined with an easy to
exploit mailbox-domain authorization scheme. Abusers will adopt
requisite conventions that defeat repudiation. Ascribing repudiation
as a goal would be a mistake when reputation _must_ be applied as a
defense. However, with minor modification permitting replay
abatement, reputation should offer protection.
To defend reputation, there must not be reliance upon third-party
checks of associated identifiers. Only directly verified identifiers
should be included within a defensive reputation mechanism. Any
reputation scheme depending upon an unaccounted third-party is likely
doomed by inevitable costly disputes.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org