Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit
2006-04-18 21:54:46
On Apr 18, 2006, at 6:56 PM, Stephen Farrell wrote:
Douglas Otis wrote:
If 7 days provides for the SMTP transport, and people in Sweden
and France want to verify messages following their 5 week
vacation, then this would require a minimum of 42 days of key
availability. The suggestion for 45 days provided an additional 3
days to assure availability following such a vacation.
Eh... That's nonsense. You may as well say that if I choose to stay
offline for a year, then everyone has to abide by that and leave
keys lying about until I'm back.
When a large portion of a country's population goes on vacation for 5
weeks (or maybe all of August), as provided by local laws, 90% of the
time they would have normal access to their email. This would
significantly affect the distribution of transit delays. A message
verified at the MUA, where keys are removed every few days, then
expose these individuals to the fraud DKIM could have prevented, even
when only checked at the MUA. August may become a phishing season. : (
If you knew the distribution of transit times based on some
reasonable sample, then I'd listen. Presumably there's a bell curve
in there and we could argue about how many std. devs. to ask
signers to take into account. Anything less soundly based is only
as good as our charter, i.e. "a few days at most" so we may as well
stick with that.
"A few days at most" is _not_ what the charter says.
"... the expected transit time of a message from originator to
recipient, which is normally only a matter of a few days at most.
Most engineers would read this sentence differently, looking for what
is being measured. Normal latency is _really_ not important nor
significant consideration for establishing a limit.
Consider a European work schedule with an 8 hour work day 5 days a
week, where email access is obtained from a system at the work
place. The standard deviation for email access latency would be
about 50 hours. Key availability needs to accommodate the possible
SMTP latency of 7 days + access latency where 16/48 hours may be
predominate latency. This latency would suggest 99% of an area under
a Gaussian bell curve or normal distribution would be encompassed by
adding an additional 6.26 days to that needed for SMTP latency. The
problem with this conclusion is that the distribution caused by a
vacation is _not_ Gaussian.
Ostensibly non-arbitrary vacation rules don't count. The fact that
you forgot maternity/paternity/parental leave e.g. in Bayern or
Ireland and the fact that those durations differ and change outside
the control of the IETF are all exceptionally good indicators that
you're basically way off base.
Human behaviors are always outside the control of an IETF standard,
however a protective standard should accommodate typical human
behaviors. In some countries, a human induced latency within the MUA
transport may commonly extend for better than a full month, where the
mean is still 50 hours.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, (continued)
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Lyndon Nerenberg
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Lyndon Nerenberg
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell
- [ietf-dkim] Collecting SMTP delivery data., Lyndon Nerenberg
- Re: [ietf-dkim] Collecting SMTP delivery data., Hector Santos
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit,
Douglas Otis <=
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Michael Thomas
- Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis
RE: [ietf-dkim] x= lets senders expire responsibility, Hallam-Baker, Phillip
RE: [ietf-dkim] x= lets senders expire responsibility, Bill.Oxley
|
|
|