ietf-dkim
[Top] [All Lists]

The Value of Reputation (was Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail (dkim))

2005-12-27 08:36:32
On Dec 24, 2005, at 4:09 PM, Douglas Otis wrote:

On Fri, 2005-12-23 at 17:27 -0500, Nathaniel Borenstein wrote:

Far from trying to "leave only one authorization method," the DKIM
effort is an attempt to show, by example, how an arbitrary number of
such methods might eventually be elaborated and standardized.

There is danger viewing any abuse control mechanism as representing a
"authorization" scheme.  The control method should strive to identify
the source of abuse, and not just whether the message has been
authorized.  The DKIM signature provides a fairly strong indication of
the message source, with a normal potential for abusive replay as with
any cryptographic method.

I'm sorry, the "authorization method" was an echo of the term used in the mail I was replying to (which is why it was in quotes). I was really trying to generalize to a whole range of technologies without making my wording too awkward. Perhaps I should have replaced "such methods" with "antimalware technologies" or "abuse control mechanisms." In any event, I fully agree that the term authorization, in this context, is both A) insufficiently generalized, and B) troublesome on countless philosophical grounds.

Reputation remains the only solution able to abate the bulk of abuse.

The word "only" makes me cringe a bit in any discussion like this (a global fascist state, for example, is another possible solution), but I think most of us pretty much agree about the critical role of reputation. I see the cycle as going like this: We need at least one standardized, moderately-useful system for weakly authenticating the sources of messages. Once we have that, we have the minimal data that a reputation system will require to be able to start doing something at least mildly useful. Once we have *that*, we will have (in our reputation systems) a built in "market" for additional systems for (perhaps less weakly) authenticating the desirability (not necessarily solely due to the source) of incoming messages. To some extent, there's a chicken-and-egg problem with authentication and reputation technologies. My hope for DKIM is that it will give us one good enough egg to produce a chicken, which can then (in much the manner that Cain and Abel found their wives, I guess) facilitate a whole new generation of authentication technology eggs.

When
reputation is applied against an "authorization" as an identifier,
innocent email-address domain owners will be seriously harmed.  Abusers
will find acceptance methods for an authorization scheme.

Yes, every one of these schemes will be flawed. That is why we need to understand A) the role of "weak authentication" (weeding out some but not all of the bad guys at any point in time, and using multiple sources of information to judge the desirability of a message) and B) the need for a continually evolving set of (ever-stronger, we hope) mechanisms for proving that a message is desirable to the recipient. Some of those mechanisms will also involve (ever-stronger, we hope) sender authentication, but others could eventually involve technologies as unrelated to authentication as anonymous payment. -- Nathaniel


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>