ietf-dkim

Re: [ietf-dkim] the actual problem DKIM addresses, was Review of draft-fenton-dkim-threats-01

2005-11-01 21:58:36

----- Original Message -----
From: "John Levine" <johnl(_at_)iecc(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>


Absent SSP (or something like it), then in the broad sense of the
word, DKIM does need some kind of reputation system to be effective.

That depends what problem you're trying to solve, since there are some
that only involve validating that the sending address is real without
caring if the sender is nice or nasty.

A simple example is mailing list signups: if a subscription request
shows up and it has a DKIM signature from a domain that matches the
address that's signing up, I think it would be reasonable to skip the
confirmation step, without any reference to the signer's reputation.

Good point. But in my view, I see that as an implementation feature a List
vendor might want to offer. It should not be part of spec recommendation,
but maybe indicated as insight; ..."*MAY* consider using DKIM verification
for subscription confirmations."

The problem is mail address forgery, we all agree that DKIM is a
reasonable way to address it, and for the purposes of the WG there is
no need to get into what other higher order problems might or might
not be solved thereby.

Agreed.

PS: If this sounds like I don't care whether we do SSP, that's right,
but it seems to me that SSP is at worst harmless so there's no reason
not to do it so long as it doesn't get in the way of the main job.

Fair enough, but in my opinion, SSP is the heart and soul of the DKIM
protocol.   Without it, DKIM effectiveness is lowered and what will happen
is a propensity for operators to punt from the 70 yard line - IOW, ignore it
on the receiver side, and on the signing side, avoid it, because of the same
relaxed provisions exploitable effects you are very familiar with in SPF.
Yahoo.com signs all its mail leaving its server.  That's cool.  What about
or what does that say about the 1000x more yahoo.com spoofed mail coming
from external entry points?  How are we supposed to address it?  What is
YAHOO.COM claiming?

        "Our mail is ok, do what you please with all
         other non-yahoo network sender???"

With such a high-non-trust value for external yahoo mail, why should we
trust the mail from yahoo.com machines?  Is yahoo claiming they have
controls in USER INPUT at their machines, hence mail coming from their
machines should be deemed safe?

Of course, yahoo is only claiming that the mail came from their machines.
Period. Nothing more.  But it would be more useful if they can tell the
receivers who bear the brunt of the abuse, if other unknown machines can use
their domain account, and whether lack of signature has any bearing on this
detection.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
ietf-dkim mailing list
http://dkim.org
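
The mailing-list signup case discussed in the message above, as an added example that is not part of the original post or of any DKIM implementation: it skips confirmation only when a passing signature's `d=` domain exactly equals the domain of the subscribing address, with no reputation lookup. It assumes the list host's own MTA has already verified the signature and recorded the verdict in an `Authentication-Results` header; the authserv-id `mx.lists.example`, the addresses and the sample messages are all constructed, and the header parsing is simplified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id our own border MTA writes into Authentication-Results.
TRUSTED_AUTHSERV_ID = "mx.lists.example"

def passing_dkim_domains(msg, authserv_id=TRUSTED_AUTHSERV_ID):
    """Return the d= domains that our own MTA reported as dkim=pass."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(value.split()).split(";")]
        # Only our MTA's verdict counts; a header carrying any other
        # authserv-id may have been supplied by the sender.
        if parts[0].split(" ")[0].lower() != authserv_id:
            continue
        for part in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", part, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([A-Za-z0-9.-]+)", part, re.I)
                if m:
                    domains.add(m.group(1).lower().rstrip("."))
    return domains

def can_skip_confirmation(raw_message):
    """True only if a passing signature's d= equals the subscriber's domain."""
    msg = message_from_string(raw_message)
    froms = msg.get_all("From", [])
    if len(froms) != 1:            # ambiguous author: fall back to confirmation
        return False
    _, addr = parseaddr(froms[0])
    if addr.count("@") != 1:
        return False
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match, not a suffix test: "example.org" must not match
    # "notexample.org". No reputation lookup is involved.
    return domain in passing_dkim_domains(msg)

def sample(from_addr, auth_results):
    """Build a constructed subscription request for the demo below."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {from_addr}\nTo: list-subscribe@lists.example\n"
            "Subject: subscribe\n\nsubscribe\n")

if __name__ == "__main__":
    ok = "mx.lists.example; dkim=pass header.d=example.org header.s=s1"
    print(can_skip_confirmation(sample("Alice <alice@example.org>", ok)))
```

The check is only as trustworthy as the header it reads, so it also assumes the border MTA removes any inbound `Authentication-Results` header that already claims its authserv-id.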