Re: [ietf-dkim] r= for instilling good domain-name practices
2006-05-01 19:18:58
On May 1, 2006, at 5:08 PM, Mark Delany wrote:
> Colo[u]r me confused, but I don't see what this has to do with the
> base function of a domain claiming responsibility.
While the signer may be expected to react in cases of abuse, the base
DKIM signature mechanism does not safely impart trust above the least
trustworthy source being signed by the domain. It remains doubtful
how effective a reaction to abuse will be, for that matter. Whether
for messages from financial institutions or an ISP, additional
protection is required to both protect and retain the recipient's
trust of messages being signed by a domain. The DKIM signature
should not be considered to provide a good reactive mechanism, but it
can be a good proactive mechanism.
> Is this r= thing fundamental to that function or could it be
> developed as a separate exercise above and beyond the base?
A wait in establishing a means to protect trust (based upon message
annotation or filtering) may invoke a reaction to this limitation
that could prove highly counter-productive. The need for the added
protection related to trust easily exceeds that of the x= parameter,
in comparison. Without a means to segregate sources of differing
levels of trust or vetting, the only remaining alternative would be
to utilize additional domain-names. A reaction, due to this
protective oversight, may produce a plethora of similar domain-
names. These additional domain names may actually result in phishing
being even more lucrative, rather than being abated by the DKIM
signature. :(
> After all, the whole point of the tag=value syntax is so that
> additional functionality can be seamlessly added on.
The r= parameter, as just described, can be incorporated as an option
when needed, in the same manner as the x= parameter. For many, the
additional annotation may not be needed. In critical cases however,
this r= annotation may prove vital in preventing rather dangerous
exploits, and rather bad practices. The real value of DKIM is found
in proactively establishing trust for selected messages from trusted
domains. In many, if not most cases, trust is better assured by
offering an assured means to select messages. It remains doubtful
such selection can be achieved through the recognition of email-
addresses.
> If r= is non-essential, then can we leave those discussions until
> after the base work is done, otherwise it's just hindering us.
A good point. There is no desire to hinder progress for non-critical
concerns. The r= parameter, or something similar, should be provided
at the outset to avoid the proliferation of "segregated" domain
names, a critical concern. While companies such as Yahoo have dealt
with the problem of diminished trust of their well-known domain name
by employing additional domain names, such as yahoo-inc, this
strategy should be viewed as a bad practice when abating a phish
threat. The r= parameter provides an alternative to the use of
different domain names when segregating sources. Hopefully,
describing just three levels, low (as a warning), normal, and high (as
an assurance), is something easily understood and yet still provides a
feasible alternative to segregating domains.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
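
An added example, not part of the original message or of any DKIM specification: a sketch of how a recipient could annotate messages by an optional r= tag in the signature's tag=value list, so that one domain can carry sources of differing trust. The value names low/normal/high, the annotation labels, the function names and the sample signatures are assumptions made for illustration.

```python
import re

# Assumed value names for the proposed r= tag: the message names three levels
# (low, normal, high) but gives no wire syntax for them.
ANNOTATION = {"low": "warning", "normal": "none", "high": "assurance"}

def parse_tag_list(header_value):
    """Parse a DKIM-style tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def annotate(header_value, signature_valid):
    """Return (signing domain, annotation) for one signature.

    signature_valid is the result of a real DKIM verifier, which is out of
    scope here; r= is only honoured when the signature verified.
    """
    tags = parse_tag_list(header_value)
    domain = tags.get("d")
    if not signature_valid or domain is None:
        return domain, "unverified"
    # A signer that omits r=, or sends a value this reader does not know,
    # is treated as "normal" (assumption), so older signers keep working.
    level = tags.get("r", "normal").lower()
    return domain, ANNOTATION.get(level, "none")

# Constructed samples: one domain, sources with differing levels of vetting.
# bh= and b= hold placeholder text, not real hashes or signatures.
BULK = "a=rsa-sha256; d=example.com; s=sel1; r=low; h=from:to; bh=AAAA; b=BBBB"
NOTICE = "a=rsa-sha256; d=example.com; s=sel2; r=high; h=from:to; bh=AAAA; b=BBBB"
PLAIN = "a=rsa-sha256; d=example.com; s=sel1; h=from:\r\n to; bh=AAAA; b=BBBB;"

if __name__ == "__main__":
    for name, sig in (("BULK", BULK), ("NOTICE", NOTICE), ("PLAIN", PLAIN)):
        print(name, annotate(sig, True))
```

All three samples resolve to the same signing domain; only the annotation differs, which is the alternative to separate domain names that the message argues for.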