Thomas,
I think what needs to be highlighted in that when it comes to phishing, the
bad actor would have to phish both the policy domain (author) and signing
domain.
The bad guy can't use the real domain in either entity since both methods
will be able to detect an error.
However, in a DKIM-BASE only environment, since the mandate is to ignore all
signature failures as if the message was never signed, the bad guy doesn't
have to phish the signing domain. He can just target the apathetic "cry
wolf" systems that ignores errors. This has a risk of getting thru to the
end user.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
----- Original Message -----
From: "Thomas A. Fine" <fine(_at_)head(_dot_)cfa(_dot_)harvard(_dot_)edu>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>; <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Tuesday, September 12, 2006 12:41 PM
Subject: Re: [ietf-dkim] SSP = FAILURE DETECTION
SSP has an advantage when we assume that criminals are
stupid enough to keep sending forged mail. It has no
advantage with look-alike attacks. Guess what criminals
will do.
Without SSP, users have two opportunities for making mistakes in
verifying their mail. They can fail to notice that it is unsigned,
or they can fail to notice that it is from a wrong domain.
With SSP, users only have to look for the wrong domain, because
they should never see the unsigned mail.
Maybe someone who's an expert in human factors can relate this to
statistical decrease in errors by the user. My feeling is that
the less a user has to worry about, the more likely they are going
to successfully examine their message and determine it's origin.
tom
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html