ietf-dkim

Re: [ietf-dkim] Doublefrom, ADSP and mailing lists in perspective

2011-08-01 14:21:44
On 7/28/11 2:03 PM, Mark Delany wrote:
> DKIM should be viewed as a Work-In-Progress still missing a viable
> policy layer.
>
> +1.  But 5+ years WIP? :) It wasn't rocket science.
>
> Well, 7+ years ago it was suggested that "Domain policy is nascent"
> with the stated expectation that MARID would soon develop something
> comprehensive to satisfy our needs...
>
> Apropos rocket science, at our current rate of progress we risk
> outliving the Space Shuttle program.

MARID offered unsafe chained record sets as an IP address authorization 
scheme unrelated to what people were observing.  Where IPv6 increases 
the aggregate list and where DNSSEC increases the amplification, risks 
to otherwise uninvolved sites increase with this scheme.  Vetting 
messages prior to acceptance likely plays a greater role in lessening 
MTA burdens anyway.

Open-ended third-party relationships from a policy perspective may seem 
difficult to express, but it remains possible, whether by the domain or 
as a service, to acknowledge these relationships.   An authenticated 
domain can be authorized by a published hash label.  This would be a 
safe method to extend policy without requisite two-party coordination as 
currently expected by DKIM.

DKIM can be more than just making an assertion "this domain is too big 
to block."  With comprehensive policy, DKIM should be able to prevent 
spoofing of a domain that may cause recipients to give up on the 
service.  Until policy can be comprehensively applied, other 
authentication related benefits will likely remain elusive.

Of course, such a goal must include proper input validation by DKIM.

-Doug






_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html