ietf-dkim

Re: [ietf-dkim] Re: wg formation status?

2005-12-02 18:59:48

On Dec 2, 2005, at 2:25 PM, Jim Fenton wrote:
Stephen Farrell wrote:

All of this suggests that de-coupling the TA for the core functionality, from that of the policy-related enhancements, will be necessary if we are to stay on schedule.

I think that that may turn out to be the case, but I'd rather
see the next revision and work from there.

My inclination is to include the policy pieces in the TA. If they turn out to be a major obstacle, then we can decide what to do about that but we'll need a threat analysis of them at some point and I'd rather not start out planning to break this into two documents.

There would be greater clarity and likely better progress made by isolating threats related to the basic DKIM signature mechanism from that of threats related to policy.

The SSP draft seems largely based upon a speculated value proposition of protecting the client and related email-address domain, while disregarding cases that will affect the majority of users where this protection is not achieved. Assurances of protection or added display of policy status only increase the potential for recipients being misled, which seriously erodes a dubious value proposition. Expectations that the application of strict policy comparing the email-address with that of the signing-domain offers protection from threats assume abusers won't adapt and employ techniques where such policy offers no protection whatsoever.

A separate paper that speculates on the use of a recognition technique in comparison with that of the authorization technique should be more productive at fleshing out the choices. This seems to be a topic worthy of a separate paper. In addition to offering improved protections, a recognition approach also avoids the unintended consequence of unfairly making the email-address domain owner accountable for authorizations, as currently occurs with other authorization schemes. Such shifting of accountability invariably will be highly disruptive, expensive, and ultimately ineffectual at containing abuse.

There will be a draft submitted shortly attempting to describe how a recognition strategy may offer similar protections for the "high-value" domain case, but avoids the unintended consequence which may result in coercion of a strict and disruptive authorization policy. An authorization mechanism based upon a contained email-address will ultimately reduce choice and expose greater amounts of personal information. The recognition strategy, although conceptually a bit more elaborate, should also introduce less overhead. Overhead would be another concern related to a DoS threat. Even without any added overhead related to DKIM or SSP, sites today are struggling to cope with virus propagations while still retaining service for legitimate email.

-Doug


_______________________________________________
ietf-dkim mailing list
http://dkim.org