ietf-dkim

[ietf-dkim] Increasing ADSP Adoption Rate

2011-04-17 01:11:37
Hector wrote:

The real interest is the total unique domains and also the changes, 
i.e. how many of the 2010 ADSP = NONE  domains have adopted ADSP in 
2011. That will give you a better adoption rate.

Some other things to consider, John.

DNS ADSP domain adoption rate is just one side. What is also important 
is the DKIM verifier Enabling ADSP checking Adoption Rate.

One fact is true:  Of the two popular open source DKIM API packages, 
both support ADSP and are ready to go.

How implementers of these APIs have enabled ADSP checking, we don't 
know.

I believe Murray indicated last year OpenDKIM has ADSP checking OFF 
out of the box. Maybe it is enabled now for his statistics work. We 
use ALT-N's LIBDKIM API and we have ADSP checking enabled out of the box.

With RFC5016 (Requirements for a DKIM Signing Practices Protocol) and 
the work done in RFC4686 (Analysis of Threats Motivating DKIM), there 
was consensus that ADSP checking makes sense under two conditions:

       1st party failures
       3rd party signatures (valid or not)

There was a majority consensus (if not 100%) that valid 1st party 
signatures did not require ADSP checking because the only reasonable 
threat is an internal compromise (theft of private key).  ADSP can 
only help to deal with violations (faults) of policy declarations:

    What to do about 1st party failures
    What to do about unauthorized 3rd party signature

Maybe one interesting data point would be to collect ADSP DNS queries. 
That will give a snapshot of how many DKIM verifiers are checking for 
ADSP.

-- 
HLS


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
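
The data point suggested in the message above, counting ADSP DNS queries, as an added example (not part of the original post and not code from either DKIM library). It assumes the signing domain's authoritative name server writes BIND-style query log lines; the sample lines, addresses and function names are constructed. ADSP records are TXT records at `_adsp._domainkey.<domain>` (RFC 5617).

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a BIND query log (not real traffic).
SAMPLE_LOG = """\
17-Apr-2011 01:02:03.101 client 192.0.2.10#53211: query: _adsp._domainkey.example.com IN TXT -E
17-Apr-2011 01:02:04.250 client 192.0.2.10#40112: query: sel1._domainkey.example.com IN TXT -E
17-Apr-2011 01:05:09.007 client 198.51.100.7#5353: query: _ADSP._DomainKey.Example.COM IN TXT -ED
17-Apr-2011 01:07:30.440 client 203.0.113.5#61000: query: _adsp._domainkey.example.net IN TXT -E
17-Apr-2011 01:08:12.900 client 203.0.113.5#61001: query: _adsp._domainkey.example.net IN A -E
17-Apr-2011 01:09:00.000 client 192.0.2.10#53300: query: _adsp._domainkey.example.com IN TXT -E
"""

# Assumed log layout: "client <ip>#<port>...: query: <name> IN <type> ..."
# (newer BIND versions put an "@0x..." token before the address).
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) IN (?P<qtype>\S+)"
)
ADSP_PREFIX = "_adsp._domainkey."


def adsp_lookups(log_text):
    """Map each author domain to the set of clients that asked for its ADSP record."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        # Only TXT queries can retrieve an ADSP record.
        if not m or m.group("qtype").upper() != "TXT":
            continue
        # DNS names are case-insensitive; drop a trailing root dot if present.
        name = m.group("name").lower().rstrip(".")
        # Selector lookups (<selector>._domainkey.<domain>) do not match the prefix.
        if name.startswith(ADSP_PREFIX) and len(name) > len(ADSP_PREFIX):
            seen[name[len(ADSP_PREFIX):]].add(m.group("ip"))
    return dict(seen)


def summarize(log_text):
    """Distinct querying clients per domain, plus the distinct total."""
    per_domain = adsp_lookups(log_text)
    clients = set().union(*per_domain.values()) if per_domain else set()
    return {
        "domains": {d: len(c) for d, c in sorted(per_domain.items())},
        "distinct_clients": len(clients),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The addresses seen here are usually recursive resolvers rather than the verifiers themselves, and resolver caching hides repeat lookups, so the count is a lower bound on ADSP-checking verifiers.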
