ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-19 12:52:29
On Sat, 2005-11-19 at 11:30 -0500, Scott Kitterman wrote:

What you are saying is that just because a message meets an SSP requirement 
is not a safe basis for an MUA marking them somehow good.  I agree with 
that, but I think it's outside the scope of what this almost working group 
is supposed to do.

Of course design of an MUA would be beyond the scope of the DKIM WG.
Facilitating security in the face of newer characters-sets and look-
alike domains remains a desirable feature made possible by a binding
approach. 

IIRC, the farthest in that direction we go is an optional task for a header 
to communicate DKIM results.

The binding assertion would simply be an option within the base DKIM
draft.  This would not require an additional draft, however there could
be some informational drafts to describe how to use this feature.


My view of restrictive SSPs is that messages that fail the restrictive
test should be rejected during the SMTP session. This will reliably
get the rejection notification back to a legitimate user and keep it
out of any bad message folder I have to periodically review.

Automatic bindings could offer the same level of protection at the MTA
without risking the side-effects produced by authorization records.  


I think you miss the point about the potential value of restrictive SSPs to 
the receiver.

A binding recognition strategy does not forgo this style of protection.
After many years, caching "broad" binding at the MTA/MDA could be
depreciated. 


I don't need better methods to sort messages into folders.  
I will need better methods in the future to avoid having to deliver bad 
messages at all.

No mechanism, no matter how complex, will prevent Bad Actors from
sending their messages.  Don't even suggest SSP will reduce the number
of bad messages!

The DKIM signature will be useful at locating the source of abuse.  The
DKIM signature, in combination with "binding recommendations" can reduce
a much wider range of spoofing without the recipient needing to pass an
eye-test.

OK.  So, bottom line is that you aren't wrong, but I think your 'threat' is 
based on a false premise and out of scope.  

You agree that SSP does not provide a mechanism to prevent spoofing
without reliance upon visual presentations, but that a scheme which
avoids this reliance as an option within the DKIM signature is out of
scope?  The "broad" binding mode would offer the same ability to reject
messages at the SMTP session as would the SSP 'o=!' policy, but in
microseconds rather than seconds.

-Doug






_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>