Re: [ietf-dkim] Blocking improperly signed messages

Doug,

In lieu of no MUA that currently supports your DKIM address book ideas, 
are you suggesting that every SMTP or MUA system that is waiting for the 
standardization of DKIM will also have to use Levine's and Hoffman's new 
 non-standard, untested, unverified, no threat analysis, commercial DAC 
venture in order to get any PAYOFF or BENEFIT from DKIM?
In other words, are you saying without DAC, DKIM is useless?

Is this the reason why SSP is being brushed aside? Because the DAC group 
have succeeded in clouding the SSP picture and non facts that it work 
hence the non-standard DAC should be used instead with DKIM?
The why are we wasting time with SSP requirements.  If enough people 
here are so CONVINCE that DAC is the ultimate technology to be used with 
DKIM, why they do do an official IETF I-D proposal?  Why did Paul 
Hoffman, one of the Key IETF GODS, stray away from using the IETF to 
standardized DAC?
I'm sorry, you have to excuse me, but I am engineer at heart, and none 
of this make sense to me.  Too much politics and self-interest for me 
going on here.
---
HLS



Douglas Otis wrote:
> On Dec 12, 2006, at 2:06 AM, Hector Santos wrote:
>
> > The fact of the matter is you are directly competing and blowing 
> > against the wind with the every growing MTA trend of REDUCING 
> > unsolicited abusive mail and spam BEFORE it gets to the user.  Whether 
> > you like it or not, its a reality both technically and every more 
> > growing in the legal world. Its happening. So get use to it.
> DKIM might be used for white-listing (assuming the SMTP client can be 
> associated with the signing-domain).  White-listing does not get rid of 
> abusive mail, it trades off other measures that might be more costly in 
> terms of integrity or overhead.
> DKIM however can never reduce the level of abuse through the application 
> of a restrictive policy.  DKIM can reduce the level of abuse by making 
> spoofing unsuccessful.  There are millions of new domains created every 
> day at no cost to the bad actor.  Neither SPF or DKIM identify new 
> sources based upon some restrictive policy.  A restrictive policy adds 
> little, if any anti-spoofing protection when the recipient must still 
> visual recognize the originator based upon what they see.  
> Authentication and recognition is where progress is made, often by 
> intelligent filtering at this point that is not based upon a policy 
> record.  DKIM in conjunction with a recognition scheme provides 
> reasonable protections without any policy record being used.  The policy 
> record requirements should instead focus on ensuring a larger portion of 
> email can be recognized without complex three-party administration, as 
> now envisioned.  Focus upon enabling a greater use of 
> DKIM+Recognition+Annotation.
> > So either DKIM-BASE is going to be part of the solution or its not, at 
> > the very least, my INPUT says that SSP will give it a fighting chance 
> > and in all honestly, will help people, as yourself, in your market who 
> > have a direct interest in seeing users' make the final decision of all 
> > messages.
> With a recognition scheme that adds annotation on messages found in 
> their address-book or on a DAC compatible list, this will help people by 
> providing the desired protections.  A restrictive scheme takes away 
> freedoms without little protective benefit, but at a loss of email 
> integrity.
> -Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html