
Re: The Value of Reputation (was Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail (dkim))

2005-12-27 11:35:40

On Dec 27, 2005, at 7:33 AM, Nathaniel Borenstein wrote:

I'm sorry, the "authorization method" was an echo of the term used in the mail I was replying to (which is why it was in quotes). I was really trying to generalize to a whole range of technologies without making my wording too awkward. Perhaps I should have replaced "such methods" with "antimalware technologies" or "abuse control mechanisms." In any event, I fully agree that the term authorization, in this context, is both A) insufficiently generalized, and B) troublesome on countless philosophical grounds.

The response was specifically against the use of "authorization." With respect to SPF/Sender-ID or SSP, these are indeed email-address "authorization" schemes. With Sender-ID, "authorization" has been incorrectly described as a form of "authentication", and much like Sender-ID, SSP appeared more by way of introduction rather than discussion. All of these "authorization" schemes, especially SSP, will disrupt the delivery of legitimate email. This "authorization" scheme also proposes untold numbers of DNS lookups for perhaps any number of From addresses and signatures. The art of "open-ended authorizations" (burden shifting) in SSP will soon include "authorized" signature lists. SSP also considers itself a "weak" form of "authentication" by directing complaints to email-address rather than the signer. :(


Reputation remains the only solution able to abate the bulk of abuse.

The word "only" makes me cringe a bit in any discussion like this (a global fascist state, for example, is another possible solution), but I think most of us pretty much agree about the critical role of reputation.

Some view a closed system, rather than a system open to tens of millions of email-address domains, as an alternative to reputation. Even in that austere system however, each would consider their access contingent upon their reputation for good behavior. Reputation is an unpleasant reality where identifying those culpable for abuse _must_ _not_ be taken lightly.


I see the cycle as going like this: We need at least one standardized, moderately-useful system for weakly authenticating the sources of messages.

I see the base DKIM draft forming a solid basis to identify email sources. The ill-considered SSP draft will seriously hinder the DKIM effort. Serious problems are already being handled by way of burden-shifting, rather than considering real solutions. The related expense associated with an imposition of a disruptive email-address authorization scheme does not justify this component's inclusion within the DKIM charter. With far less overhead, spoofing attempts can be thwarted without email-address authorizations. Many of the serious crimes depend upon embedded links rather than use of an email-address (which are never seen by the majority of recipients). A solid basis for the source of an email-address will significantly enhance protective strategies. It is a dangerously false premise that an authorization scheme offers protection, as any assurance in that regard will increase the success rate of criminal fraud.


Once we have that, we have the minimal data that a reputation system will require to be able to start doing something at least mildly useful.

Please note authentication does _not_ include SSP.


Once we have *that*, we will have (in our reputation systems) a built in "market" for additional systems for (perhaps less weakly) authenticating the desirability (not necessarily solely due to the source) of incoming messages. To some extent, there's a chicken-and-egg problem with authentication and reputation technologies. My hope for DKIM is that it will give us one good enough egg to produce a chicken, which can then (in much the manner that Cain and Abel found their wives, I guess) facilitate a whole new generation of authentication technology eggs.

Agreed. Do not let the ill-conceived SSP derail DKIM.


When reputation is applied against an "authorization" as an identifier, innocent email-address domain owners will be seriously harmed. Abusers will find acceptance methods for an authorization scheme.

Yes, every one of these schemes will be flawed. That is why we need to understand A) the role of "weak authentication" (weeding out some but not all of the bad guys at any point in time, and using multiple sources of information to judge the desirability of a message) and B) the need for a continually evolving set of (ever-stronger, we hope) mechanisms for proving that a message is desirable to the recipient. Some of those mechanisms will also involve (ever-stronger, we hope) sender authentication, but others could eventually involve technologies as unrelated to authentication as anonymous payment.

To ensure email does not self-destruct, use of reputation against authorizations _must_ be avoided as imposing highly unfair treatment, even when email practices adapt to new paradigms. When governments start issuing digital postage stamps, knowing the source of the email message remains important. The recognition of these sources is beyond visual examination that can _not_ be aided by an authorization scheme. MUAs will need to assist in the recognition efforts. DKIM and recognition, but not authorization!


-Doug




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
