ietf-dkim

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-25 18:05:55

On May 25, 2010, at 3:38 PM, Brett McDowell wrote:

On May 10, 2010, at 3:09 PM, Steve Atkins wrote:

On May 10, 2010, at 11:59 AM, John R. Levine wrote:

Apart from ADSP rules, a broken signature must be treated as if there was no
signature at all. That in itself is not the problem. The problem with broken
signatures is that people will not buy into a technology (DKIM) if it will
not cover a significant part of their e-mail.

Of course.  That's why MLMs should sign their mail, or equivalently the MSA 
they use should sign it.  Problem solved, right?

Free bonus: MLMs can sign the list mail even if the contributor didn't 
sign it.

+1. It's pretty much a non-issue (unless you believe that DKIM is
magic fairy dust that will prevent all "fraudulent use of your brand").

I believe we can disagree without being disagreeable.  I'm sure there is no 
one on this list (or in the world) who thinks DKIM is magic fairy dust that 
will prevent all fraudulent use of a brand.

If ADSP is not there to prevent "fraudulent use of your brand", what
is it for?

While I don't think ADSP proponents actually believe it is magical brand
protection fairy dust, that is the operational model we're using when we're
discussing the usage of ADSP.

ADSP does not, and can not, provide significant operational value
in dealing with phishing, which is the only concrete example
anyone has brought forward. So we're left with "brand protection",
which is still plausible because it's so vague.

(If it were described as "Brand protection as applied to the section of
the byte sequence in the From: field that isn't the part usually displayed
to the end user" that would be less vague, but more obviously useless).



I would like to think we are all on this list making a good faith effort to 
explore and debate the right way to deal with the status quo, including the 
option of sustaining it.  I personally don't agree with the position that the 
status quo should be sustained, but I respect both that position and those 
who articulate it.


Yes, this summary may be blunt and possibly even disagreeable, but
there comes a point when developing something that's going to affect
many, many people that you have to mention the elephant in the room -
which is that while lots of people involved have invested quite a bit of effort
and professional credibility in putting it together there's still no definition
of what problem it's supposed to solve, and the end result appears to
be pretty much useless for any concrete phishing or brand protection
scenario.


Cheers,
  Steve


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
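
The mechanics this thread argues over (a broken signature counts as no signature, a list's signature is not the author's, and ADSP looks only at the address part of From:), as an added example that is not part of the original messages. It sketches the RFC 5617 ADSP outcome; the domains, headers and the dict standing in for the DNS lookup are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed stand-in for the ADSP lookup at _adsp._domainkey.<author domain>.
ADSP_RECORDS = {"corp.example": "all", "bank.example": "discardable"}

def author_domain(from_header):
    """Domain of the From: addr-spec; the display name plays no part."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def adsp_result(from_header, signatures):
    """signatures: (d= domain, verified?) pairs as reported by a DKIM verifier."""
    domain = author_domain(from_header)
    # A signature that fails verification is treated as if it were absent.
    valid = {d.lower() for d, ok in signatures if ok}
    if domain in valid:            # Author Domain Signature: d= equals author domain
        return "pass"
    practice = ADSP_RECORDS.get(domain)
    if practice is None:
        return "none"              # no ADSP record published
    return {"all": "fail", "discardable": "discard"}.get(practice, "unknown")

# Constructed sample messages: (From: header, signatures seen by the receiver).
CASES = {
    "direct, author signature intact":
        ("Alice <alice@corp.example>", [("corp.example", True)]),
    "via list: author signature broken, list re-signed":
        ("Alice <alice@corp.example>",
         [("corp.example", False), ("lists.example", True)]),
    "via list: 'discardable' author domain":
        ("Notices <notice@bank.example>",
         [("bank.example", False), ("lists.example", True)]),
    "unsigned contributor, list signs":
        ("Bob <bob@nopolicy.example>", [("lists.example", True)]),
    "display name differs from the signed address":
        ('"Bank Example" <notice@other.example>', [("other.example", True)]),
}

def evaluate_all():
    return {name: adsp_result(hdr, sigs) for name, (hdr, sigs) in CASES.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{result:8} {name}")
```

The list's valid signature never changes the ADSP result for the contributor's domain, and the last case passes because only the addr-spec is compared against `d=`.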
