On Nov 7, 2005, at 4:36 PM, Hector Santos wrote:
About the greater good:
"Breaking is in the eyes of the beholder!"
The base specification for DKIM is fine, where improvements could be
included as options.
The SSP draft has a fundamental flaw that introduces many potential
problems that can be avoided. There are applications in place that accrue
reputations against the email-address when justified by an
authorization of any sort. This makes open-ended policy statements
such as permitting third-party signing extremely problematic. Even
your chart indicated the reputation of the signer was of little
value, but instead used mainly the From/signer association. With
SSP, any complaints go to the email-address domain owner instead of
the signer. That "provider's" view must be shared, understood, and
accepted before moving forward with something so dramatic. This is an
unfortunate situation that is not really the fault of the DKIM proposal.
The desire for a small sub-set of the domains to require the
association of the From/signer can be made without incurring the
risks associated with a policy statement referenced by the From
email-address. Getting rid of the From based policy provides the needed
freedom to _really_ permit the option of not requiring a From/signer
association. As it turns out, this alternative can be
extended to also uniquely identify a source without the use of an
email-address. In other words, end spoofing even without a From/signer
association! This alternative also requires less overhead and
offers even more flexibility with respect to classes of users. This
alternative would be to opportunistically acquire binding association
assertions on-the-fly and cache them. If the resulting domain list
were placed into a local resolver's zone, then checking policy would
always be a fast single-lookup that could be applied against all
messages, signed or not.
There could even be groups that could publish these lists as a
service. Should a message be received where the From is within the
domain of the signer, then the related binding assertion overrides
the binding asserted by appearing within the list. In this case, the
message with a matching From/signing domain would always be
authoritative. This approach achieves all the same goals, but
without the problems related to mail-lists, as this would not be the
normal mode of operation.
DKIM without SSP can be better than with SSP. Take out the SSP
approach, and there should be fewer concerns with respect to
potential impact, while there would not be any benefit lost. If
anything there would be greater benefits as this approach offers more
information without incurring additional overhead.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org