ACTION: The homework assignment for attendees is to
bring assignments are to formulate concise suggestions
for threat statements and benefits statements.
I'm still a little fuzzy on what "threat analysis" means (sorry, I'm a
newb). It seemed to be two things - (a) what is the precise security
problem DKIM is attempting to address and (b) what are all the attack
vectors and vulnerabilities associated with DKIM.
Assuming (a) is correct, here's all I have to offer so far: Email today is
not accountable. The absense of accountability is an implicit threat to
security. DKIM proposes to increase the level of accountability within
email by allowing willing signers to assert some degree of responsibility
for an email message. The extent to which this accountability is asserted
will lower the level of non-accountable email proportionally.
As for the benefits of DKIM, I accept as a priori true that it is better to
know something than to know nothing. DKIM's ability to convey something
about the identity of the signer and integrity of the message content is a
non-ZERO positive gain in knowledge. Therefore, it has benefit in that
regard if in no other. If you hold that having some understanding of who is
attempting to contact you has no value, then you can switch off your home
phone's caller-id, tape over the peep-hole in your front door, and oh yeah,
strip out the FROM header in all your emails with a content-filter :) If
the question is "Ok, but what can be DONE with that knowledge" one could
answer with the reputation/accreditation mantra. But this is really a
separate question than "does DKIM provide value".
--
Arvel