Doug,
As I think I mentioned before, Section 2 doesn't deal with threats to
DKIM, it deals with threats in the absence of DKIM. So this isn't the
right place to bring up opaque IDs. Section 4.1.4 paragraph 4 discusses
the potential usage of opaque IDs, which I think is the right context.
-Jim
Douglas Otis wrote:
,---
| 2.3.2. Within Claimed Originator's Administrative Unit
|
| ... Since the submission of
| messages in this area generally occurs prior to the application of a
| message signature, DKIM is not directly effective against these bad
| actors. Defense against these bad actors is dependent upon other
| means, such as proper use of firewalls, and mail submission agents
| that are configured to authenticate the sender.
'---
While currently DKIM does not offer a standardized means to both track
and immediately revoke abuse emanating from the originating domain,
abuse of this nature represents a substantial portion of the abuse
problem. The dkim-options draft illustrates mechanisms comprised of
persistent Opaque-IDs and revocation records. By using a persistent
O-ID, the AdmD source of abuse can be tracked and readily reported by
third parties. Resolution of the abuse is also made apparent by use
of the revocation record. This scheme neither exposes nor depends upon
an email-address.
http://www.ietf.org/internet-drafts/draft-otis-dkim-options-00.txt
Should be:
: Although the submission of messages may be prior to the application
: of a message signature, submissions are commonly authenticated
: internally within the AdmD by mail submission agents. By including
: a persistent identifier within the signature, a substantial source
: for email abuse can be abated with the use of DKIM. The identifier
: itself can be block-listed by the sending domain immediately
: without requiring the expiry of a key TTL. Defense against bad
: actors is also improved with the proper use of firewalls and OS
: maintenance.
_______________________________________________
ietf-dkim mailing list
http://dkim.org