Re: [ietf-dkim] Blocking improperly signed messages
2006-12-11 14:35:22
Doug,
In lieu of no MUA that currently supports your DKIM address book ideas,
are you suggesting that every SMTP or MUA system that is waiting for the
standardization of DKIM will also have to use Levine's and Hoffman's new
non-standard, untested, unverified, no threat analysis, commercial DAC
venture in order to get any PAYOFF or BENEFIT from DKIM?
In other words, are you saying without DAC, DKIM is useless?
Is this the reason why SSP is being brushed aside? Because the DAC group
have succeeded in clouding the SSP picture and non facts that it work
hence the non-standard DAC should be used instead with DKIM?
The why are we wasting time with SSP requirements. If enough people
here are so CONVINCE that DAC is the ultimate technology to be used with
DKIM, why they do do an official IETF I-D proposal? Why did Paul
Hoffman, one of the Key IETF GODS, stray away from using the IETF to
standardized DAC?
I'm sorry, you have to excuse me, but I am engineer at heart, and none
of this make sense to me. Too much politics and self-interest for me
going on here.
---
HLS
Douglas Otis wrote:
On Dec 12, 2006, at 2:06 AM, Hector Santos wrote:
The fact of the matter is you are directly competing and blowing
against the wind with the every growing MTA trend of REDUCING
unsolicited abusive mail and spam BEFORE it gets to the user. Whether
you like it or not, its a reality both technically and every more
growing in the legal world. Its happening. So get use to it.
DKIM might be used for white-listing (assuming the SMTP client can be
associated with the signing-domain). White-listing does not get rid of
abusive mail, it trades off other measures that might be more costly in
terms of integrity or overhead.
DKIM however can never reduce the level of abuse through the application
of a restrictive policy. DKIM can reduce the level of abuse by making
spoofing unsuccessful. There are millions of new domains created every
day at no cost to the bad actor. Neither SPF or DKIM identify new
sources based upon some restrictive policy. A restrictive policy adds
little, if any anti-spoofing protection when the recipient must still
visual recognize the originator based upon what they see.
Authentication and recognition is where progress is made, often by
intelligent filtering at this point that is not based upon a policy
record. DKIM in conjunction with a recognition scheme provides
reasonable protections without any policy record being used. The policy
record requirements should instead focus on ensuring a larger portion of
email can be recognized without complex three-party administration, as
now envisioned. Focus upon enabling a greater use of
DKIM+Recognition+Annotation.
So either DKIM-BASE is going to be part of the solution or its not, at
the very least, my INPUT says that SSP will give it a fighting chance
and in all honestly, will help people, as yourself, in your market who
have a direct interest in seeing users' make the final decision of all
messages.
With a recognition scheme that adds annotation on messages found in
their address-book or on a DAC compatible list, this will help people by
providing the desired protections. A restrictive scheme takes away
freedoms without little protective benefit, but at a loss of email
integrity.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-dkim] New Issue: Applicability of SSP to subdomains, (continued)
- Re: [ietf-dkim] New Issue: Applicability of SSP to subdomains, Scott Kitterman
- Message not available
- Re: [ietf-dkim] Blocking improperly signed messages, Hector Santos
- Re: [ietf-dkim] Blocking improperly signed messages, Steve Atkins
- Re: [ietf-dkim] Blocking improperly signed messages, Damon
- Re: [ietf-dkim] Blocking improperly signed messages, Steve Atkins
- Re: [ietf-dkim] Blocking improperly signed messages, Hector Santos
- Message not available
- Re: [ietf-dkim] Blocking improperly signed messages,
Hector Santos <=
- Message not available
- Re: [ietf-dkim] Blocking improperly signed messages, Paul Hoffman
- Re: [ietf-dkim] Blocking improperly signed messages, Damon
- [ietf-dkim] Re: Blocking improperly signed messages, Frank Ellermann
- Re: [ietf-dkim] Re: Blocking improperly signed messages, Steve Atkins
- Re: [ietf-dkim] Re: Blocking improperly signed messages, Damon
- [ietf-dkim] Re: Blocking improperly signed messages, Frank Ellermann
- Re: [ietf-dkim] Re: Blocking improperly signed messages, Wietse Venema
- Re: [ietf-dkim] Re: Blocking improperly signed messages, Hector Santos
- Message not available
- [ietf-dkim] Re: Blocking improperly signed messages, Frank Ellermann
- Message not available
- Re: [ietf-dkim] Blocking improperly signed messages, Scott Kitterman
|
|
|