On Dec 2, 2005, at 2:25 PM, Jim Fenton wrote:
Stephen Farrell wrote:

All of this suggests that de-coupling the TA for the core
functionality, from that of the policy-related enhancements, will
be necessary if we are to stay on schedule.

I think that that may turn out to be the case, but I'd rather
see the next revision and work from there.

My inclination is to include the policy pieces in the TA. If they
turn out to be a major obstacle, then we can decide what to do
about that but we'll need a threat analysis of them at some point
and I'd rather not start out planning to break this into two
documents.

There would be greater clarity and likely better progress made by
isolating threats related to the basic DKIM signature mechanism from
that of threats related to policy.

The SSP draft seems largely based upon a speculated value proposition
of protecting the client and related email-address domain, while
disregarding cases that will affect the majority of users where this
protection is not achieved. Assurances of protection or added
display of policy status only increase the potential for recipients
being misled, which seriously erodes a dubious value proposition.

Expectations that the application of strict policy comparing the
email-address with that of the signing-domain offers protection from
threats assume abusers won't adapt and employ techniques where such
policy offers no protection whatsoever.

A separate paper that speculates on the use of a recognition
technique in comparison with that of the authorization technique
should be more productive at fleshing out the choices. This seems to
be a topic worthy of a separate paper. In addition to offering
improved protections, a recognition approach also avoids the
unintended consequence of unfairly making the email-address domain
owner accountable for authorizations, as currently occurs with other
authorization schemes. Such shifting of accountability invariably
will be highly disruptive, expensive, and ultimately ineffectual at
containing abuse.

There will be a draft submitted shortly attempting to describe how a
recognition strategy may offer similar protections for the
"high-value" domain case, but avoids the unintended consequence which
may result in coercion of a strict and disruptive authorization policy.

An authorization mechanism based upon a contained email-address will
ultimately reduce choice and expose greater amounts of personal
information. The recognition strategy, although conceptually a bit
more elaborate, should also introduce less overhead. Overhead would
be another concern related to a DoS threat. Even without any added
overhead related to DKIM or SSP, sites today are struggling to cope
with virus propagations while still retaining service for legitimate
email.

-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org