ietf-mxcomp

Re: Philosophical discussions (was Re: draft-schlitt-spf-classic-01.txt )

2005-06-09 17:45:58

On Thu, 2005-06-09 at 15:51 -0400, Alan DeKok wrote:
> Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
>
>> From a reputation standpoint, this is not desirable from the
>> perspective of the list operator, who would like any abuse to
>> directly impact those they see as accountable.
>
>   If I send a copy of a DVD to this list, and this list re-distributes
> it, the list owner may be responsible for "contributory infringement".
> Reputation affects both me as author of the message, and the list
> owner as distributor.
>
>   If we were to require that list owners *not* have their reputation
> affected by messages they re-send, then spammers can hide behind lists.

This would be a valid concern.  On the other hand, if the original
sender could be authenticated, and there was some breach of conduct,
then seeking redress from this original sender would provide a fair
method to deal with such offenses, without directly impacting the list
server.  This would also assume the list server would disable access
when warranted.  Authentication of the original sender would also
inhibit spoofed messages from invoking errant retribution.


>> Which proposal is that?  It is not draft-schlitt-spf-classic-01, or
>> draft-lyon-senderid-core-01.  These two drafts are in serious conflict,
>> and the Sender-ID draft claims that server authorization is equivalent
>> to sender authentication, whether for the bounce-address or the PRA.  Do
>> you really think it is safe to ignore the intentions of Microsoft?
>
>   Nope.  And if all of the proposals are so terrible, we should see if
> we can come up with another proposal that isn't so bad.

I see DomainKeys, soon to be upgraded to DKIM, as a step in the right
direction.  Until I see the details regarding DKIM, I am unable to
comment on what remains to be done.  I will speculate there is a need to
introduce a somewhat independent layer of network resource protection in
addition to a signature scheme.  This will be especially important in
areas where network connectivity is limited.  It is yet to be seen
whether signatures, by themselves, will be enough of a deterrent.  My
fear is that when they become more effective following widespread adoption,
signatures will need to be aggressively defended.

-Doug