ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: bozoproofing DKIM concerns

2006-01-04 11:50:27
from [Eric Rescorla] [Permanent Link] 
Dave Crocker <dhc2(_at_)dcrocker(_dot_)net> writes:


E> AS I understand it the concern is that people who don't use DKIM

will eventually not be able to send e-mail to people who are using
it. I'm not sure that this is something that people should be concerned
about, indeed, the logic of this kind of system is that if it succeeds
that's exactly what will happen.



Interesting.

I have not heard any DKIM proponent use that logic.


Maybe not, but I think that it's the likely endgame.



I have, however, heard critics fail to understand the difference between

    a) special handling of "good" identities, versus continuing to
    have suspicious handling of "unknown" identities, and

    b) acceptance of good addresses and rejection of unknown.

Proponents seek to use DKIM for a), not b).

Critics keep asserting that b) is the only avenue that is possible.

So, they are wrong that it is the intent and they have no empirical
basis for asserting that it is certain or even likely to occur.


No, I don't have any empirical evidence for asserting that it's
certain or likely to occur. But in truth nobody has much empirical
evidence for anything here, so we're reduced to theorizing.

Now that we've got that out of the way, it's worth working through the
reasoning of why I think (b) is the likely endgame.  

The basic value proposition of any sender authentication system as an
input to filtering is that lets you increase the sensitivity of the
filters, while still obtaining an acceptable overall false positive
rate. Imagine that without sender auth, your filters have a false
positive rate of P and a false negative rate of N. With sender auth,
some fraction of those false positives will be eliminated, letting you
dial up the sensitivity of the filter. If we assume that the sender
authentication is perfect, then we get the following:

                      Message 
                      Authenticated
                 
                      Yes           No    
False positive        0             P' (P' > P)  
False negatives       0             N' (N' < N)


But this makes it even more attractive for the good senders to
authenticate their messages (because otherwise they stand a higher
chance of being rejected) which means that the receivers can increase
the sensitivity of their filters, and so on.  So, at the end of the
day, if something like DKIM is successful, I would expect an
equilibrium where filters are set extremely high and nearly all good
senders authenticate their messages because otherwise they stand
an unacceptably high chance of having them rejected.

-Ekr



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: bozoproofing DKIM concerns, Douglas Otis
Next by Date:  Re: Likely DKIM endgame, Eric Rescorla
Previous by Thread:  Re: bozoproofing DKIM concerns, Douglas Otis
Next by Thread:  Likely DKIM endgame, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]