Wietse Venema wrote:
Here is an example of why first-party signatures can be dangerous.
Right.
The key point, to me, is that a signature by the rfc2822.From domain is
likely to help control against some existing types of phishing, but it
clearly will not help against others.
Worse, we have no empirical data about what is or is not effective, in
helping end-users to detect phishing. So, to the extent that end-users
figure into anyone's expectations about DKIM's benefits against
phishing, we are flying quite blind.
Therefore, to the extent that anyone touts a DKIM-based mechanism as
defeating phishing, we run the risk of undermining all of DKIM's
credibility, by setting expectations far too high.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html