ietf-dkim
Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 16:54:53
On 8/4/06, Mark Delany <MarkD+dkim(_at_)yahoo-inc(_dot_)com> wrote:
> On Fri, Aug 04, 2006 at 06:44:34PM -0400, John L allegedly wrote:
> > > I cannot see how SSP can do anything but make false positives more
> > > likely. The real question is whether the gain in eliminating harmful
> > > mail is worth the occasional false positive.
>
> I guess I'm a little confused about the false policy concern.
>
> If a signer wants to take that risk, isn't that for them to decide?

Yes but.. I don't think that everyone is going to be aware of the risk
or ignore it thinking it can't happen to them. I still haven't stopped
smoking even though the Surgeon General puts all that scary warning
stuff on my smokes. It can't happen to me...


> Also, if the usual strategy of a verifier is to bounce (or be
> encouraged to bounce) the offending email, an "I sign all" sender will
> almost always know about delivery failures of originally signed
> traffic and be able to act accordingly.


I like the bounce idea too, but then we get into the whole attack
thing. Some poor schmuck with a little sparc2 trying to handle all the
verifier bounce traffic from ohh. let's say... Yahoo ;)


Damon
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html