ietf-dkim

Re: [ietf-dkim] ADSP, was Lists "BCP" draft available

2010-05-26 19:56:02
On 5/26/10 2:23 PM, Michael Thomas wrote:
>> I don't know of a way to do that which doesn't require a trust
>> relationship with the mail list provider. If you have such a
>> relationship then it's relatively trivial to just not bother with
>> ADSP checks for mail from such lists.
>>
>> I'm left not knowing what advantage there would be from a more
>> complex standardized approach.
> Right, and where I have problems is that I doubt that most admins
> have any clue whatsoever which lists their users subscribe to. Some
> certainly have policies which may inform them (= don't do it), but
> beyond that this sounds somewhere close to an impossible task.

Domains that assert ADSP "all" or "discardable" are assisting recipients 
who might be inundated with messages spoofing their From domain.  This 
assistance can be extended by also indicating which employed third-party 
service may benefit from Author Domain signature exceptions.  Every 
increase in the number of sources granted a policy exception represents 
an increased opportunity for exploitation.

For example, specific authorizations of communications via mailing lists 
run by standards organizations, or NGOs, would offer recipients far 
better security than would resorting to unlimited numbers of different 
email domains having undefined authentication policies.

While much can be said for reputation services, they are not good at 
preventing abuse from otherwise reputable sources.  An authorization 
scheme for ADSP greatly reduces a domain's exposure within an 
environment seeing a growing diversity of abuse.

Importantly, a DKIM-specific authorization scheme places the burden of 
retaining trust on the sender, where it belongs. If you agree with 
this, stop kvetching. :^)

No one requires senders to defend their recipients.  Allowing ADSP to be 
more comprehensive with a simple and deterministic authorization 
mechanism enables greater use and provides a stronger rationale for 
employing these policies.

-Doug


"The significant problems we face cannot be solved at the same level of 
thinking we were at when we created them."
"Make everything as simple as possible, but not simpler."
   -- *Albert Einstein*

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
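
The trade-off argued in this message, as an added example that is not part of the original post or of any ADSP draft: a receiver-side ADSP (RFC 5617) decision with an optional set of third-party signers allowed to stand in for the author domain. The domains, the record, the verdict labels and the `exceptions` parameter are assumptions made for illustration; no mechanism for publishing the exception set is implemented.

```python
# Added example: ADSP (RFC 5617) outcome with an optional third-party signer exception set.
# Domains, records and verdict labels are constructed for illustration.

PRACTICES = ("unknown", "all", "discardable")

def parse_adsp(txt):
    """Return the dkim= practice from an ADSP TXT record; anything else is 'unknown'."""
    for part in txt.split(";"):
        tag, _, value = part.partition("=")
        if tag.strip().lower() == "dkim":
            value = value.strip().lower()
            return value if value in PRACTICES else "unknown"
    return "unknown"

def adsp_verdict(author_domain, adsp_txt, valid_signers, exceptions=frozenset()):
    """valid_signers: d= domains whose DKIM signatures verified.
    exceptions: signer domains allowed to stand in for the author domain
    (hypothetical; the thread debates who should maintain this set)."""
    signers = {d.lower() for d in valid_signers}
    if author_domain.lower() in signers:
        return "pass"                      # Author Domain Signature present
    practice = parse_adsp(adsp_txt)
    if practice == "unknown":
        return "no-policy"
    if signers & {d.lower() for d in exceptions}:
        return "pass-by-exception"
    return "discard" if practice == "discardable" else "suspicious"

def exposure(messages, adsp_txt, author_domain, exceptions):
    """Count messages lacking an author signature that the exception set lets through."""
    return sum(
        adsp_verdict(author_domain, adsp_txt, signers, exceptions) == "pass-by-exception"
        for signers in messages
    )

# Constructed traffic claiming From: example.com; each entry is the set of valid signers.
RECORD = "dkim=discardable"
TRAFFIC = [
    {"example.com"},            # direct mail, author signature intact
    {"lists.example.org"},      # list altered the message, only the list's signature verifies
    {"bulk.example.net"},       # signed by an unrelated domain
    set(),                      # unsigned
]

if __name__ == "__main__":
    for exc in (set(), {"lists.example.org"}, {"lists.example.org", "bulk.example.net"}):
        verdicts = [adsp_verdict("example.com", RECORD, s, exc) for s in TRAFFIC]
        print(sorted(exc), verdicts, "exposure:", exposure(TRAFFIC, RECORD, "example.com", exc))
```

With no exceptions the list copy is discarded along with the unrelated and unsigned mail; each domain added to the exception set raises the count of messages accepted without an Author Domain Signature by exactly the traffic that domain signs.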