ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-threats-00 Overlooking a practical solution while also recommending a highly unfair solution

2006-01-24 15:59:36

On Jan 24, 2006, at 2:36 PM, Stephen Farrell wrote:
Douglas Otis wrote:
---[D: Overlooking a practical solution while also recommending a highly unfair solution.]
,---
|4.1.4.  Chosen Message Replay
|
| ... One approach to this problem is for the
| domain to only sign email for clients that have passed a vetting
| process to provide traceability to the message originator in the
| event of abuse.
'---
Unless there is an expectation that individuals obtain their own certificates from a trusted authority, individual reputations on a cost-free email-address would be completely futile and unfair as DKIM does not necessarily verify the valid use of an email-address anyway. Another strategy not mentioned would be establishing a practice where incoming signatures are overlaid with verification results. Recommending an overlay practice should replace recommending the impossible of establishing the reputation for individual email-addresses. There is _no_ means that would be fair without using individual CA certificates. The recipient domain can be fairly held accountable for ensuring that incoming signatures are protected using signature overlays. The vetting process would be made when deciding whether it would be _safe_ to sign a message destined for a particular domain. Replay abuse cannot assume the email-address associated with the message had participated. There is _no_ fair means for holding an email-address accountable! A domain or IP address must always be made accountable with respect to any reputation scheme!

This appears to be a fairly pure rant. What's the suggested alternate text? (And here's a hint: I doubt very much that it'd be useful to suggest defining a new mechanism like the above in this section where we're basically describing threats.)

Sorry. My hackles rise with suggestions to hold the email-address accountable.

The text should be:
: As it is impossible to know whether the email-address associated
: with the signature or just the email-address associated with the
: RCPT TO: caused the replay abuse, one approach may be to develop
: a strategy that always holds the receiving domain accountable
: for exposing the signature and allowing a recipient within the
: domain to either act alone or in conjunction with the sender to
: perpetrate message replay abuse.

-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org