ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Reading the entrails, was Moving to consensus

2009-03-22 04:07:32
from [HLS] [Permanent Link] 
On 3/21/09, John R. Levine <johnl(_at_)iecc(_dot_)com> wrote:


We really need to reset our vision from the blacklist model to whitelist.
With blacklists, there's no fundamental difference between the behavior of
bad guys and good guys, we're forced to use complicated ever expanding
heuristics to try to tell the difference, and we constantly have to change
them as bad guys adapt whatever behavior we attribute to good guys.  But
with a whitelist model, you say here's what a good guy does, you design it
in a way that bad guys can't fake, and you're done.


Which almost sounds reasonable, John, but worthless if there is no
HUMPH (rejection) behind that whitelist model.   When what is expected
in the good guys isn't what you get, ignoring or neglecting this state
information can be dangerous to the all parties -  receiver, the
domain and the users.   While a buddy-2-buddy blanco list system does
work,  it won't work very well in a much wider anyone-2-anyone
anonymous world.

So lets keep it simple:

Any domain who wish protection against fraud using  DKIM needs to use
a standard anchor (From:) to allow AUTHOR domains to  define what is
expected in their messages they create.

Overall, I think you mixed out the black/white methods erronously.

In the blacklist model,  I believe you might be using a model where
there isn't extra information about the sender.    The same issues
applies to a whilelist model, in fact, this can in fact present more
danger when a whitelist just accepted anything from this sender
without using some extra level of information.

DKIM and POLICY raises the bar.  Its no longer the same model.   Here
you can have more reliable  black or white listing models based on the
extra level of information.   Both black and white is the same ideas -
one rejects, one accepts.  Either can have rules. its really a point
of reference only:

Black:

    Reject all mail with Author Domains that expose Always Sign Policy and
    the message is not signed (or invalid).

White:

    Accept with a GOLD STAR all mail with Author Domains that expose
    Always Sign Policy and  the message is valid

Whats safer?

To me, the black list DKIM model.

-- 
hls
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Moving to consensus on draft-ietf-dkim-rfc4871-errata, SM
Next by Date:  Re: [ietf-dkim] Moving to consensus on draft-ietf-dkim-rfc4871-errata, Eliot Lear
Previous by Thread:  Re: [ietf-dkim] Reading the entrails, was Moving to consensus, John R. Levine
Next by Thread:  Re: [ietf-dkim] Reading the entrails, was Moving to consensus, Jim Fenton
Indexes:  [Date] [Thread] [Top] [All Lists]