ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-26 09:36:42
+1

My favorite line from Mike's email is "there is value that can be leveraged in 
conjunction with other tools as part of an overall anti-abuse
program. "

An example of how this fits into an overall strategy is captured in a white 
paper PayPal published in 2008:

https://www.thepaypalblog.com/2008/04/a-practical-app/

(the link to the paper is in the last paragraph of that blog post)

-- Brett

On May 26, 2010, at 9:22 AM, MH Michael Hammer (5304) wrote:



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Tuesday, May 25, 2010 7:03 PM
To: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion


On May 25, 2010, at 3:38 PM, Brett McDowell wrote:

On May 10, 2010, at 3:09 PM, Steve Atkins wrote:

On May 10, 2010, at 11:59 AM, John R. Levine wrote:

Apart from ADSP rules, a broken signature must be treated as if
there
was no
signature at all. That in itself is not the problem. The problem
with
broken
signatures is that people will not buy into a technology (DKIM)
if it
will
not cover a significant part of their e-mail.

Of course.  That's why MLMs should sign their mail, or equvalently
the
MSA
they use should sign it.  Problem solved, right?

Free bonus: MLMs can sign the list mail even if the contributor
didn't
sign it.

+1. It's pretty much a non-issue (unless you believe that DKIM is
magic fairy dust that will prevent all "fraudulent use of your
brand").

I believe we can disagree without being disagreeable.  I'm sure
there is
no one on this list (or in the world) who thinks DKIM is magic fairy
dust
that will prevent all fraudulent use of a brand.

If ADSP is not there to prevent "fraudulent use of your brand", what
is it for?


A most pithy question deserving of an answer. ADSP does not "prevent
fraudulent use of your brand". Never has and never will. What it is
intended to prevent is "fraudulent use of your domain" that may or may
not be a brand. It is a specific tool targeted at a narrow problem.
Nothing more and nothing less. It does not prevent abuse of the display
name nor does it prevent the use of cousin domains as just two examples
of the many things it does not do. It is a point solution to a point
problem.

While I don't think ADSP proponents actually believe it is magical
brand
protection fairy dust, that is the operational model we're using when
we're
discussing the usage of ADSP.


Have to disagree with you here Steve. It's not magical and as I pointed
out above, it is not strictly speaking "brand protection".

ADSP does not, and can not, provide significant operational value
in dealing with phishing, which is the only concrete example
anyone has brought forward. So we're left with "brand protection",
which is still plausible because it's so vague.


The only reason that ADSP does not provide significant operational
benefits is that for the sake of compromise it was crippled at birth.
Speaking based on the experience of DKIM signing all mail for some
heavily abused domains since 2007, there is value that can be leveraged
in conjunction with other tools as part of an overall anti-abuse
program. 

(If it were described as "Brand protection as applied to the section
of
the byte sequence in the From: field that isn't the part usually
displayed
to the end user" that would be less vague, but more obviously
useless).


There is a very simple solution I have suggested in the past that can
and will likely be implemented once email authentication reaches a
critical mass. That is for MUAs to set the default implementation to NOT
display the display name if the mail is unauthenticated.

I would hope that the long term goal is to reduce the attack surface
available to abusers.


I would like to think we are all on this list making a good faith
effort
to explore and debate the right way to deal with the status quo,
including
the option of sustaining it.  I personally don't agree with the
position
that the status quo should be sustained, but I respect both that
position
and those who articulate it.


Yes, this summary may be blunt and possibly even disagreeable, but
there comes a point when developing something that's going to affect
many, many people that you have to mention the elephant in the room -
which is that while lots of people involved have invested quite a bit
of
effort
and professional credibility in putting it together there's still no
definition
of what problem it's supposed to solve, and the end result appears to
be pretty much useless for any concrete phishing or brand protection
scenario.


As I commented above, the only reason that ADSP as written appears to be
of little potential value is that it was intentionally made so. Consider
that one of the authors has pretty much always argued against its
usefulness and value. 

The ability to make assertions about a sending domains mail streams has
a proven track record in private peering arrangements between some
(large/well known) senders and receivers. There is clear potential value
to enabling an open and automated way of expressing these assertions
such that both sides of the equation (sending domain and receiving
domain) are able to scale. That we have failed to do so with the current
incarnation of ADSP does not change this.

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>