Hallam-Baker, Phillip wrote:
I fail to see your point here.
Anyone can deploy DKIM, there is nothing unfair about the DKIM architecture.
it artificially changes the relative value of domain names. it makes
them more like brand names, where you have to work to build a domain's
reputation in order to get people to trust it. it means that domains
which are associated with large user communities with a good reputation
will be more trusted than domains with small user communities, even when
those domains are equally diligent. in that way DKIM favors the
interests of large concerns over small ones. so it's not surprising
that several large concerns backed it. but that doesn't mean it's a
good thing for the Internet as a whole.
The 'unfairness' that you appear to be complaining about is that DKIM solves
a problem that only targets a relatively small number of Internet domains,
although the effects of that attack are seen by everyone.
indeed, DKIM might help address the phishing problem, if that's what
you're talking about. and large concerns are disproportionally affected
by phishing. but ultimately I think there's only a small chance of DKIM
helping the phishing problem much, because of user interface issues and
because there are lots of ways to fool people into thinking that they're
responding to a FemtoSquishy email without having femtosquishy.com in
the From address or signature.
Impersonation of a trusted brand is always going to assit a social
engineering attack if this is possible. I do not understand the ideological
calculus under which we should do nothing to protect consumers against
attacks of this nature because we can't all have a trusted brand.
using DKIM to discourage phishing is a different use case than using it
to authenticate to IETF lists. just because it might work well for the
former (if indeed it does) does not mean it can be relied on to work
well for the latter.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf