ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Policy decision tree outcomes

2006-11-15 04:57:17
from [Charles Lindsey] [Permanent Link]
On Tue, 14 Nov 2006 16:57:28 -0000, Hallam-Baker, Phillip <pbaker(_at_)verisign(_dot_)com> wrote: 


From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey



AXIOM-2 denied.

If it finds a satisfactory authentication from a signer with
an apalling reputation, it should be _very_ suspicious.
In fact if the sender has a bad reputation I will not even bother to verify the signature let alone the policy. I will return to this when proposing a processing algorithm for my policy mechanism.
The apalling reputations I have in mind are when the signer is a known spammer who tries to dupe people by providing a valid signature which has no value. Oddly, in this case, it would have marginally more value if verification failed. 


> LEMMA-2: There is no value in distinguishing between any of
the cases
> A, B, C, D
>

>     AXIOM-4:    There is no value in distinguishing between
states that
>            can be reached by an attacker.

AXION-4 Denied.

Attackers can easily do bad things before the message is
submitted to the
MSA.

It is much harder to attack a message once it has left its
originating
MUA. You either need to have accomplices inside the ISP, or
to be able to
hack into it, or to have discovered a weakness in its
procedures, ... .
This limits the states that attackers can easily be reach,
and verifiers
are quite entitled to attribute more suspicion to the easier states.
OK: correction no point in distinguishing between states that are reachable with equal degree of difficulty.
But there may well be value in distinguishing the likelihood of some state being reached accidentally rather than deliberately. So you might conclude that C1 was more (or maybe less) likely than C2, according to your esperience of how well genuine signatures survive on the real net. So if you are using spamassassin and applying a given score to a missing signatue (case A) you might apply a different score to a failed signature (case B) and a different score again to an unacceptable signature (case D). And the score would in all cases be adjusted according to the SSP reported by the signer. 

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl 
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] Re: Last Call: 'DomainKeys Identified Mail (DKIM) Signatures' to Proposed Standard (draft-ietf-dkim-base), Tony Hansen
Next by Date:  RE: [ietf-dkim] Policy decision tree outcomes, Hallam-Baker, Phillip
Previous by Thread:  RE: [ietf-dkim] Policy decision tree outcomes, Hallam-Baker, Phillip
Next by Thread:  RE: [ietf-dkim] Policy decision tree outcomes, Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]