ietf-dkim

RE: [ietf-dkim] draft-ietf-dkim-threats-00 Overlooking a practical solution while also recommending a highly unfair solution

2006-01-24 17:59:51
Doug,
I would like to say that the only thing that a properly resolved dkim sig 
suggests is that the message came from the signing domain, no more no less. It 
allows better resolution of responsibility without any absolute assigning of 
same.
thanks,
Bill


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org on behalf of Douglas Otis
Sent: Tue 1/24/2006 5:56 PM
To: Stephen Farrell
Cc: IETF-DKIM
Subject: Re: [ietf-dkim] draft-ietf-dkim-threats-00 Overlooking a
practical solution while also recommending a highly unfair solution
 

On Jan 24, 2006, at 2:36 PM, Stephen Farrell wrote:
Douglas Otis wrote:
---[D: Overlooking a practical solution while also recommending a  
highly unfair solution.]
,---
|4.1.4.  Chosen Message Replay
|
| ... One approach to this problem is for the
| domain to only sign email for clients that have passed a vetting
| process to provide traceability to the message originator in the
| event of abuse.
'---
Unless there is an expectation that individuals obtain their own  
certificates from a trusted authority, individual reputations on a  
cost-free email-address would be completely futile and unfair as  
DKIM does not necessarily verify the valid use of an email-address
anyway.
Another strategy not mentioned would be establishing a practice  
where incoming signatures are overlaid with verification results.   
Recommending an overlay practice should replace recommending the  
impossible of establishing the reputation for individual email-addresses.
There is _no_ means that would be fair without using
individual CA certificates.  The recipient domain can be fairly  
held accountable for ensuring that incoming signatures are  
protected using signature overlays.  The vetting process would be  
made when deciding whether it would be _safe_ to sign a message  
destined for a particular domain.
Replay abuse can not assume the email-address associated with the  
message had participated.  There is _no_ fair means for holding an  
email-address accountable!  A domain or IP address must always be  
made accountable with respect to any reputation scheme!

This appears to be a fairly pure rant. What's the suggested  
alternate text? (And here's a hint: I doubt very much that it'd be  
useful to suggest defining a new mechanism like the above in this  
section where we're basically describing threats.)

Sorry.  My hackles rise with suggestions to hold the email-address  
accountable.

The text should be:
: As it is impossible to know whether the email-address associated
: with the signature or just the email-address associated with the
: RCPT TO: caused the replay abuse, one approach may be to develop
: a strategy that always holds the receiving domain accountable
: for exposing the signature and allowing a recipient within the
: domain to either act alone or in conjunction with the sender to
: perpetrate message replay abuse.

-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org