ietf-mailsig

Front and Back Gate and Front and Back Door Analogy

2004-11-21 13:13:09

Although digital signatures provide an authenticated identity suitable
for use with reputation, they still require the consumption of the
message.  Much like the Front and Back Door, digital signatures provide
strong protections for individuals.  The pathway leading to the Door is
not protected however.  This pathway represents network resources.  A
school running a T1, as an example, must also protect this pathway.

This pathway protection could be seen as the Front and Back Gate.  Gates
are easier to circumvent when compared to Doors, but are needed to
ensure the pathway to the door remains usable.  CSV and BATV provide the
Gate protections.  CSV could be seen as the Front Gate and provides an
authenticated identity suitable for use with reputation that does not
require consumption of the message.  BATV would be the Back Gate and
provides protection from the Bounce Message technique. 

Path Registration schemes are antithetical to the freedoms provided by
digital signatures, CSV and BATV.  Schemes that also require consumption
of the message also do not increase the level of protection afforded. 
Path Registration does not provide an authenticated name suitable for
use with security, enforcement, or reputation.  BATV can unilaterally
provide bounce protection immediately, which was a motivator for Path
Registration.  Digital signatures strongly ensure the source of a
message whereas Path Registration depends upon universal checks and
assumed security.

Such Path Registration checking changes paradigms preserved by digital
signatures.  Intellectual property issues and conflicting goals
regarding the establishment of universally applied path checks means
consensus, let alone deployment, may never be obtained.  The risk of
damaging the reputation of a mailbox-domain by a Path Registration
reputation scheme is another serious concern.

The current paradigms that represent many of the good aspects
of email are retained through the use of digital signatures, CSV and
BATV.  As abusers can still sign their messages, CSV and digital
signatures combined with reputation will be needed long into the
future.  To ease the transition toward reliance on the digital
signature, CSV provides a compatible reputation identity that can also
be applied.  Nevertheless, a robust digital signature would be helpful.

-Doug 
