ietf-dkim

Re: [ietf-dkim] New DKIM threat analysis draft

2005-10-07 00:28:25
Hallam-Baker, Phillip wrote:
...(skip: my suggestion not to exclude replay protection done on top of DKIM)

> Actually I think it might work for the limited set of cases where replay
> is a spam threat.
>
> The replay attack is largely limited to public ISPs, in particular free
> webmail accounts. It may not be a huge burden to these to sign the
> recipient list.
Yes.

> Recipient lists do get changed in flight of course, forwarders do this.
> But an intelligent receiver can certainly make some educated guesses and
> the level of intelligence required is much less than we already require
> for our existing spam engine.
Right. It becomes a receiver policy, and while I agree (e.g. with John) that this may be hard (John may say impossible or at least unlikely) to deploy, why should DKIM `exclude` this?

> There is also the policy revocation hack I have described.
I support that as well.

I'm not suggesting DKIM should be modified to support that, indeed this is not required at DKIM level at all, but I think the text now seems to exclude this usage, and this should be fixed imho.
> I suggest the text be fixed to say that DKIM does not by itself provide
> a full and effective control against this attack but may be extended to
> do so.
Right.

>> Here are a few additional, minor comments:
>>
>> 1. You use the term `zombie` without definition in p. 2, then `compromised computers` later (in 5.1)... pick one; my suggestion: use `zombie` and in the first use, add `(compromised computers)`.


> I would use the term 'compromised computers'. The less jargon we use the
> better, particularly in a technical forum.
Where should we use our jargon if not in a technical forum?

Just kidding; you're right, less jargon is better. Let's just say compromised computers - no point in saying `zombies` and defining it to save just one word (compared to two)...

> I was in a recent meeting where people were throwing around the term
> 'pharming'. Thirty minutes into the meeting I realized that people were
> using two completely different definitions.
I don't like the pharming term at all.

...
> In general I would avoid the terms worm and virus because they are now
> obsolete. The real threats we see today are blended. Distinguishing
> between the two categories was always rather bogus, now there is no
> useful distinction.
Agreed!!

> I am particularly sad to see companies treating anti-spyware as a
> separate category from anti-virus. It's the same crap, one product
> should do it all.
But isn't it better than selling just one anti-malware product? :-)

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame
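The replay point discussed in this thread (whether signing the recipient list lets a receiver reject a signed message that is re-sent to new recipients) can be shown with a small DKIM-style signer. This is an added example, not code from the thread or from any DKIM implementation: it uses an HMAC with a constructed placeholder key as a stand-in for DKIM's public-key signature, and a simplified relaxed-style header canonicalization. The message fields, addresses and `signed_fields` choices are constructed for the example; the `h=` list is the only part that corresponds directly to the DKIM tag of that name.

```python
import hashlib
import hmac
import re

# Constructed placeholder key. Real DKIM uses a public-key signature (RSA in
# the drafts of this era); HMAC is used here only so the example runs offline.
SIGNING_KEY = b"example.net-selector1-placeholder-key"


def canonicalize_header(name, value):
    """Relaxed-style canonicalization: lowercase field name, collapse whitespace."""
    return name.lower() + ":" + re.sub(r"\s+", " ", value).strip()


def sign(headers, body, signed_fields):
    """Produce a DKIM-like signature over the listed header fields and the body.

    Anything NOT named in signed_fields (the h= tag) can be changed after
    signing without invalidating the signature; that gap is what a replay
    to new recipients exploits when To: is left out of h=.
    """
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    # A header named in h= but absent from the message is treated as empty,
    # mirroring how DKIM canonicalizes nonexistent fields.
    lines = [canonicalize_header(n, headers.get(n, "")) for n in signed_fields]
    tag_string = "h=%s;bh=%s" % (":".join(signed_fields), body_hash)
    lines.append("dkim-signature:" + tag_string)
    data = "\r\n".join(lines).encode()
    return {
        "h": list(signed_fields),
        "bh": body_hash,
        "b": hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest(),
    }


def verify(headers, body, sig):
    """Recompute the signature over the fields the signer declared in h=."""
    expected = sign(headers, body, sig["h"])
    return hmac.compare_digest(expected["b"], sig["b"])


def replay_survives(signed_fields):
    """Sign a message addressed to one recipient, then 'replay' it by rewriting
    To: for a different recipient. Returns True if the replayed copy still
    verifies, i.e. the signature does not bind the recipient list."""
    # Constructed sample message.
    original = {
        "From": "user@example.net",
        "To": "alice@example.org",
        "Subject": "hello",
    }
    body = "Original message text.\r\n"
    sig = sign(original, body, signed_fields)
    replayed = dict(original, To="someone-else@example.com")
    return verify(replayed, body, sig)


def recipient_is_signed(sig):
    """Receiver-side policy check: was the recipient list covered by h=?
    A receiver that wants replay resistance can treat a signature that omits
    To: as weaker evidence, without any change to DKIM itself."""
    return any(field.lower() == "to" for field in sig["h"])


if __name__ == "__main__":
    print("h=From:Subject, replay verifies:", replay_survives(["From", "Subject"]))
    print("h=From:To:Subject, replay verifies:", replay_survives(["From", "To", "Subject"]))
```

With `To` left out of the signed field list the replayed copy still verifies, which is the replay problem the thread describes; once `To` is included the rewritten copy fails. The `recipient_is_signed` check is the receiver-policy half of the argument: the signer's `h=` list is visible in the signature, so a receiver can decide locally how much weight to give a signature that never covered the recipients, which is why this can sit on top of DKIM rather than inside it. Forwarders that legitimately rewrite `To:` would fail the stricter check, which is the "educated guesses" problem raised above and is not solved by this example.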
_______________________________________________
ietf-dkim mailing list
http://dkim.org