ietf-dkim

Re: [ietf-dkim] Comments on -overview document?

2006-07-11 11:21:07
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dkim-overview-01.txt

I hope you don't have a problem with the criticism, but I have a problem with
the following subjective opinion statements in section 5.2:

   It is now generally accepted that the correct semantics for an email
   signature verifier to adopt are to treat messages with signatures
   that fail as if they are unsigned.

I don't get it. Why are you continuing to try to "mold" people's thinking to
ignore failure analysis?  You have absolutely no control over this. I can
almost guarantee you that as DKIM moves into the mainstream and people begin
to realize the unprotected nature of this protocol facsimile, you have
absolutely no control or mandate over how people will analyze their junk. If
they see a pattern related to BAD DKIM signatures, rest assured people are
not going to ignore it.  Anyway, it doesn't make sense.  You can't remove
the markings of a failure by simply saying "ignore it."

   It is highly unlikely that an attacker is going to add a digital
   signature to a message unless doing so causes the message to be
   treated more favorably than an unsigned one.

Again, not true. You have no clue what attackers will do. And just as the
CODERED and SOBIG viruses/worms have shown the world-wide industry,
attackers most definitely use the concept of attacking the population
and numbers of legacy/flawed systems. It is a proven methodology used over
and over again.  They will use fake DKIM signatures or even promote them as
bad if a population of "ignore the bad" systems prevails across many default
systems.  The reason?  You stated it yourself:

   Any messages that carry signatures that fail verification are
   thus much more likely to be a genuine message that has been
   damaged in transit than an attempted forgery.

And for this reason, the attacker will hope this is exactly what you
expect to prevail: the creation of a mindset that errors are not malicious
but more than likely the natural exhaust of the new DKIM system. It is
highly probable they will exploit this flaw.

Finally, I think this pushing of the "responsibility" mantra is a little
too much, to the extent that, if it becomes standard, it can create new
legal issues.

I think it is inconsistent to promote responsibility when there is no
assurance that controls are predictable or expected at the verifiers.  With
the lack of policy verification controls, I think organizations will think
twice about wanting to take responsibility when the odds are high that
verification is going to be a weak aspect of DKIM.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html