ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Review of draft-fenton-dkim-threats-01

2005-11-01 12:49:01
Eric Rescorla wrote:
Arvel Hathcock <arvel(_at_)altn(_dot_)com> wrote:


Since the people I know involved with DKIM expect it
to be plenty useful without third party reputation services,
I'm not sure what your point is.

Well, they may expect it to be, but I haven't heard any arguments
along those lines that I find convincing.

Really??  If I see a message which is DKIM signed by iecc.com and
iecc.com is on my "DKIM white-list" this is pretty useful info right?
I can probably get away with relaxing or even skipping heuristic spam
filtering on that email with a fair degree of comfort.  How is the
utility of that in any way unclear?


The scenario you cite is likely of *some* utility but it's not clear how
much, or if it exceeds the cost of implementation and design. The answer
to that question depends on (at minimum) (1) what the false positive
rate would have been without the whitelisting (2) the degree of
predictability about whitelist contents (for attackers), and (3) the
level of zombie infection--or more precisely potential zombie
infection--of the domains which are on the whitelist. It's not clear to
me that we have good data on any of these questions, let alone an
analysis that incorporates all of them.

There's a really, really easy way to get answers to all
of these questions: standardize dkim. There's a *lot* of
people -- large ISP's, vendors, enterprises, etc -- who
are waiting with bated breath to find out the answers to
these questions. On the other hand, navel gazing is guaranteed
to produce equivocal results, and in the end will almost
certainly get it wrong.

                Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org