ietf-dkim

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-27 04:59:45
On 5/26/10 8:28 PM, Steve Atkins wrote:
> So it says nothing about the threat it's supposed to thwart. Without that
> there's no possibility of creating an attack tree. And without that, there's
> no possibility of doing any security analysis on any proposal. And ADSP
> is (I think) primarily a security protocol...

Start with a few premises:

Premise one: Users sort messages based upon important From email-addresses.

Premise two: Users' mail system does one of the following:
  a) annotates ADSP results,
  b) blocks on ADSP non-compliance, i.e. no Author Domain signature with ADSP "all" or "discardable", or
  c) includes header available for sort criteria, i.e. Authentication-Results

> I'm pretty sure that ADSP as-is is a bad tool to solve any particular problem.
> But given it's not being proposed to solve any concrete problem, it's
> hard to discuss whether there's a better solution.

Based on these two premises, clearly 2b and 2c depend far less on a 
user's recognition of expected results.  A very good thing.

It is silly to debate whether ADSP is being currently used.

ADSP is currently suitable for only an extremely small subset of mail.  
This unfortunately necessitates use of alternative domains.

Using alternative domains in conjunction with domains suitable for ADSP 
"all" or "discardable" significantly erodes the practicality of 
sorting mail based upon the From, an important part of a domain-based 
protection strategy.  Third-party authorization should overcome this issue.

> The original argument was that it would help deal with phishing, but
> now even the strongest proponents are happy to explain that it will do
> absolutely nothing to help with phishing - but go on to say that as it
> won't help with phishing, the fact that it won't help with phishing isn't
> a weakness.

ADSP alone does not afford complete protection.  No one has said 
otherwise.  ADSP needs to be extended.

> So what actual operational problem does it attempt to solve? A byte
> sequence in an email header field that's commonly not shown to the
> user is not an operational problem. It might be a middle point in a
> line of reasoning between an operational problem and ADSP.

Indeed, ADSP must be viewed as part of a larger strategy.  ADSP takes 
advantage of DKIM's ability to survive forwarding, and to not converge 
messages into an overly broad IP address authorization scheme.  It is 
common for servers to carry messages from many different domains,  where 
IP address authorization paths remain problematic from an architectural 
standpoint, and significantly increase a domain's exposure to exploitation.

Conversely, ADSP in conjunction with third-party authorization should 
eliminate a need for alternative domains when taking advantage of 
third-party services, and will significantly reduce the domain's attack 
surface.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
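
The three receiver behaviours listed under premise two, sketched as an added example that is not part of the original message or of any DKIM implementation. It assumes the `dkim-adsp` result names defined in RFC 5617; the function names, the sample domains, and passing the ADSP TXT record and the verified `d=` domains in as arguments (instead of doing DNS lookups and DKIM verification) are all hypothetical.

```python
import re

# ADSP practice (RFC 5617) -> dkim-adsp result when no Author Domain Signature is valid
NO_SIGNATURE_RESULT = {"unknown": "unknown", "all": "fail", "discardable": "discard"}

def parse_adsp(txt):
    """Return the practice from an ADSP TXT record, or None if there is no usable record."""
    m = re.match(r"\s*dkim\s*=\s*([A-Za-z0-9-]+)", txt or "")
    if not m:
        return None
    value = m.group(1).lower()
    # Unrecognised practice values are treated as "unknown"
    return value if value in NO_SIGNATURE_RESULT else "unknown"

def adsp_result(from_domain, valid_dkim_domains, adsp_txt):
    """Evaluate ADSP for the From domain given the d= domains of verified signatures."""
    author = from_domain.lower().rstrip(".")
    signers = {d.lower().rstrip(".") for d in valid_dkim_domains}
    if author in signers:  # a valid Author Domain Signature is present
        return "pass"
    practice = parse_adsp(adsp_txt)
    return "none" if practice is None else NO_SIGNATURE_RESULT[practice]

def handle(mode, receiver, from_domain, valid_dkim_domains, adsp_txt):
    """Apply one handling option from premise two: 'annotate', 'block' or 'header'."""
    result = adsp_result(from_domain, valid_dkim_domains, adsp_txt)
    if mode == "annotate":  # option 2a: show the result next to the From address
        return f"[ADSP {result}] From: {from_domain}"
    if mode == "block":     # option 2b: refuse non-compliant "all"/"discardable" mail
        return "reject" if result in ("fail", "discard") else "accept"
    if mode == "header":    # option 2c: record the result for later sorting
        return (f"Authentication-Results: {receiver}; "
                f"dkim-adsp={result} header.from={from_domain}")
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample: only a mailing list's signature verified, so the message
# carries no Author Domain Signature while the From domain publishes "all".
SAMPLE = dict(receiver="mx.receiver.example", from_domain="bank.example",
              valid_dkim_domains=["lists.example.org"], adsp_txt="dkim=all")

if __name__ == "__main__":
    for mode in ("annotate", "block", "header"):
        print(mode, "->", handle(mode, **SAMPLE))
```
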
