ietf-dkim

Re: [ietf-dkim] SSP acceptance chart

2005-11-05 03:17:54

----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>


On Sat, 2005-11-05 at 00:38 -0500, Hector Santos wrote:

And how does a VERIFIER or SIGNER get this "exposed expressed desire?"
How does the VERIFIER and possibly RESIGNER get this information?

The opportunistic scheme is rather simple, so I try fewer words.

Thanks. I appreciate it. So if it's simple, should we expect to have some
pseudo-code very soon? :-)

As the MDA sees broad-bindings with matching domains, it compiles a list
of these matches.  This list could be simply the domain-names.

 this-bank.com
 that-bank.com
 pay-this.com
 pay-that.com
 this-store.com
 that-store.com

Perhaps these names are stored in a zone or a database. It does not
matter.

No, Doug, you didn't answer the question.

Where do you get the "exposed expressed desire" that a domain will even want
you to sign its messages in the first place?  Does the domain have a choice in
the matter?

Even then, it does matter.  You have a major threat by avoiding first time
inconsistency. With your idea, a system will need more sampling to get a
better feel. What if it's one phish per system attack spread across tens of
thousands, even a million systems?  Are you now going to throw in a RAZOR
like concept into the ever expanding solution pool so that these participant
P2P systems can learn from each other?

Why not just reject it with a 451 because of the match failure?  If it's a
legitimate SMTP system, his SMTP system is designed to retry.

Your chart should not offer hostile treatment when email-addresses don't
match the signing-domain, unless they are on a list.

Doug, the CHART has nothing to do with a LIST, LEARNING, ANALYSIS,
DIAGNOSTICS or BEHAVIOR of domains.  The chart simply allows systems to STOP
the CRIME before it happens.  The chart offers a theoretical 69% (25/36)
hard results with zero false positive ACCEPT/REJECT conditions.  It has 31%
(11/36) states where there is insufficient data to make a hard decision.
However, in these cases, there is nothing to prevent a system or
implementation to augment a pattern recognition learning concept of repeated
failures.

Doug, you are totally misrepresenting the entire idea of what SSP is
supposed to do.  I'm sorry, but I can't help but feel you are doing this
intentionally.

When they are not on the list, then the reputation of the
signature would simply be evaluated.

There you go again. We are back to a DNA concept.

Where is the pseudo-code?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
