ietf-mailsig
[Top] [All Lists]

Re: Web pages for MASS effort

2004-11-28 17:57:36

Justin,

      'Con: Does copying [IIM's "copy protected headers" concept] really
      increase protection?'

  I would like to note that this is, indeed, *ideal* for us in SpamAssassin;
  it lets us adopt new heuristics to deal with moderately-broken gateways
  like old, unupgraded Mailman mailing list managers.   Detecting Subject

Mostly, my reaction is that you are actually describing badness, not goodness.  

Let me explain why:  When standards do things to encourage heuristics, the 
utility of the service becomes more and more a question of stochastics.  That 
means that there is no real reliability to whether things will work.  People do 
whatever they feel like and recipients are left trying to guess what the sender 
chose.

Heuristics make sense when there are no standards.  But the purpose of a 
standard is to define precise, predictable behaviors, and that means 
constraints.


  line modification, where such modification is mailing-list-style
  subject-tag prepending, is very easy in this case.

  So, in my opinion, "copy protected headers" does increase protection, by
  allowing verifiers to "rescue" some mails from becoming false positives
  when rewritten by to nonconformant gateways -- and in that case, not
  having to apply a blanket exemption for list-gated messages that fail the
  signature check.

And this is why it is increasingly clear to me that we should not be trying to 
make the mechanism be robust against intermediaries that make arbitrary 
changes.  Ultimately, that's an arms race.  The intermediaries do more and more 
arbitrary stuff and we do more and more to try to guess how to protect against 
it.  

That's not standards work.  It's something else.

d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker  a t ...
www.brandenburg.com


<Prev in Thread] Current Thread [Next in Thread>