Frank Ellermann wrote:
> Hector Santos wrote:
>> There are only five possible outcomes for DKIM-BASE: none, pass,
>> fail and 1st party and 3rd party versions of pass and fail.
> I'm not aware of any FAIL in DKIM, or rather it's by definition
> the same as NONE, isn't it ?
That's correct. See the entire message. I broke it up so you can see
the difference.
> That would simplify your table to three rows. You could add
> the "process" vs. "deny" business resulting in more columns (?)
If you fold them, then you have a complex situation where you can't repudiate
a DKIM-BASE policy.
For example, for strict or all policy
Scenario #1 Mail is really really NOT signed.
Scenario #2 Mail is signed by invalid
In scenario #1, you have a 100% zero false positive of non-repudiation.
It is a condition that everyone agrees is invalid. No one can
repudiate this.
In scenario #2, if you fold this into a NONE signature, then you do not
have a zero false positive situation because the reality was "altered"
from the fact there was a real attempt at a signature process - but for
some reason it failed. The only way to deal with this deterministically
is with handling=process or handling=deny.
So in effect, there is a "conflict" with handling= and the DKIM-BASE
inherent policy of promoting dead signatures to NONE.
> Talking about "0% false positive" in conjunction with the "1st
> author" approach is utterly dubious, but I guess I mentioned this
> already in the last years ;-)
I think if you keep "reputation" out of this, then you can better see
it. This analysis applies blind to the good or bad. We all must play
on the same field first.
I hope this analysis shows that there is no reputation here.
> You could use reputation to decide what "+1" actually means,
> e.g. "spammer managed to get SSP right", or to decide if you
> wish to evaluate SSP at all. Or you could decide to ignore
> DKIM if there's no chance to get a "-1", IIRC you wanted to
> use SSP always *before* checking DKIM, or did you drop that ?
It's a protocol consistency modeling analysis. You have to establish your
boundary conditions before you can even try to simulate real world
behavior. It is DKIM-BASE that defines the conditions and rules of the
game. SSP is just the "referee" :-)
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
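As an added illustration of the two scenarios argued in the thread above (this is example code written for this page, not code from either participant or from any DKIM or SSP draft), the following toy model applies an "all"/"strict" SSP record to a DKIM-BASE outcome, once with DKIM-BASE's "dead signature becomes NONE" folding and once without. The policy and handling values follow the thread's wording; the verdict labels, the `evaluate()` and `distinguishable()` functions and the reading of what `handling=` decides are assumptions made for the model.

```python
"""Toy model of the DKIM-BASE outcome / SSP interaction argued in the thread.

Everything here is a constructed illustration: the policy values ("all",
"strict") and handling values ("process", "deny") are taken from the
thread's wording, while the Verdict strings, evaluate() and
distinguishable() are hypothetical and not taken from any draft or RFC.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Tuple


class DkimBase(Enum):
    """Outcome reported by the DKIM-BASE verifier for one message."""
    NONE = "none"  # no DKIM-Signature header at all (scenario #1)
    PASS = "pass"  # a signature was present and verified
    FAIL = "fail"  # a signature was present but did not verify (scenario #2)


def fold_fail_to_none(result: DkimBase) -> DkimBase:
    """The DKIM-BASE behaviour the thread objects to: a dead signature is
    reported as if the message had never been signed."""
    return DkimBase.NONE if result is DkimBase.FAIL else result


@dataclass(frozen=True)
class Ssp:
    policy: str    # "all" or "strict": the domain asserts every message is signed
    handling: str  # "process" or "deny": disposition for non-compliant mail

    def __post_init__(self) -> None:
        if self.policy not in ("all", "strict"):
            raise ValueError(f"unsupported policy in this model: {self.policy!r}")
        if self.handling not in ("process", "deny"):
            raise ValueError(f"unsupported handling in this model: {self.handling!r}")


Verdict = Tuple[str, str]  # (reason, disposition); hypothetical labels


def evaluate(result: DkimBase, ssp: Ssp, fold: bool) -> Verdict:
    """Apply an all/strict SSP record to a DKIM-BASE outcome.

    fold=True models DKIM-BASE promoting FAIL to NONE before SSP sees it;
    fold=False keeps the failed-signature outcome distinct.
    """
    seen = fold_fail_to_none(result) if fold else result
    if seen is DkimBase.PASS:
        return ("signed-pass", "accept")
    if seen is DkimBase.NONE:
        # Scenario #1: the domain promised signatures and none was attempted.
        # The thread calls this unambiguous, so handling= plays no part here.
        return ("unsigned", "policy-violation")
    # Scenario #2: a real signing attempt failed. Per the thread, only
    # handling= settles this deterministically.
    return ("signature-failed", ssp.handling)


def distinguishable(ssp: Ssp, fold: bool) -> bool:
    """True when a verifier can still tell 'never signed' from 'signed but
    broken' after SSP evaluation. Folding erases that difference."""
    return evaluate(DkimBase.NONE, ssp, fold) != evaluate(DkimBase.FAIL, ssp, fold)


if __name__ == "__main__":
    # Print the full table for a strict policy under both handling values.
    for fold in (False, True):
        for handling in ("process", "deny"):
            ssp = Ssp("strict", handling)
            row = [evaluate(r, ssp, fold) for r in DkimBase]
            print(f"fold={fold!s:5} handling={handling:7} "
                  f"none={row[0]} pass={row[1]} fail={row[2]} "
                  f"distinguishable={distinguishable(ssp, fold)}")
```

Running the block prints the table; the rows with `fold=True` show the point of the thread: once FAIL is folded into NONE, a broken signature and a missing signature receive the same verdict, so `handling=process` can no longer apply to the message that actually attempted a signature.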