ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-19 08:29:38
On Fri, 2005-11-18 at 22:29 -0500, Scott Kitterman wrote:

That or the title of the thread is bogus.

I could equally say if we were trying your approach something like Doug's 
non-SSP security relies upon every MUA in the world being upgraded and is 
useless until then.

What you appear to be saying, once again, is that SSP is useless because it 
isn't a universal solution to phishing.

Meeting the requirements of an SSP policy would _not_ be a safe basis to
highlight the message.  This would assume the recipient recognizes
perhaps subtle differences in domain appearance. 

The binding approach does not depend upon any MUA being upgraded.
Automatic bindings ('w=b'/==) cached at the MDA allows placement into
special folders or rejection of messages in the _same_ manner as the
"o=!" policy.

The overhead for the binding recognition (BR) approach at the MDA would
be much lower than looking for SSP policies which risk unfair use.  The
BR strategy can also deal with a normal diversity of transports used in
conjunction with email-addresses without any complex administration.  To
some extent, the greater the diversity, the greater the security. : )

-Doug




_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>