ietf-dkim

Re: [ietf-dkim] A few SSP axioms

2006-08-02 14:04:16

----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
Sent: Wednesday, August 02, 2006 2:47 PM
Subject: Re: [ietf-dkim] A few SSP axioms


Hmmmmmm, unknown router and transient issues weren't obvious?

It wasn't obvious that that was your concern. And if it is
your concern then I guess you never meant that the additional
signature was a negative, you were saying that any additional
trace field is a negative - a statement that has nothing much
to do with crypto.

I think we might be clearer now, but I do want to say so, I have consistently
held the position since day one, that exclusivity offers among the highest
level of protection for local domain policies. It was the same position I
held during SPF development. As easily predicted, the neutral or relaxed
SPF policies were empirically shown to be abusive and more and more sites are
using exclusive (hard pass/fail) policies along with argument forwarding
solutions.

DKIM was attractive because it offered a way to resolve the IP forwarding
problem and also offer strong, exclusive policies.  So since day one, I
repeated the same mantra here, with no reason to believe history will not
repeat itself:

      DKIM relaxed policies are weaker than exclusive policies

and thus are the most exploitable policies.

But what DKIM also had was SSP in its initial proof of concept and it helped
to resolve many of the exploitations possible. Unfortunately, it was
deemphasized, and is now watered down. :-( Hopefully, it will all work out.

So if we want to bring this back to the need for Exclusivity, the only technical
merit question that can be brought up is the level of survivability.

Look at it this way: We have the multiple policies just like we have
multiple c14 methods; one is stronger with less survivability, and one is
weaker with higher survivability.

It's the same concept.

Anyway, I think if we exclude this policy, it weakens the possibilities for
DKIM.

Enuf with this. :-)

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html