
Re: DKIM Signatures now being applied to IETF Email

2011-08-01 23:51:53
Keith Moore wrote:

Perhaps. But it's difficult to escape the impression that this is another example of IETF failing to solve an important problem by focusing on a portion of the problem that's easy to solve, and ruling the difficult part out of scope for the time being. Repeat as needed; you can always partition the remaining part of the problem again.

It was not a difficult problem. The issues were well understood long before Murray took over the DKIM specification. The WG security and requirements RFC productions clearly laid it out:

  RFC4686  Analysis of Threats Motivating DKIM
  RFC5016  Requirements for a DKIM Signing Practices Protocol

The remaining technical problem was how to scale the authorization of 3rd party signers. The proposals:

  ASL  Allowed Signer List (good for small systems, does not scale)
  TPA  Third Party Authorization (appears to scale, but complex)
  ATPS Authorized Third Party Signer (easier version of TPA)

But there was a fundamental mindset and marketing conflict. It was a conflict over the 3rd party resigner market's right to exist uncontrolled, unrestricted, regardless of originating DKIM message claims.

The WG could not continue to complete RF5017 ADSP when the then out of scope Trust ideas took over and promoted a market of unrestricted resigners. If ADSP became a standard then these resigners would be in violation of a security standard, and it would be a serious problem if they intentionally neglected a security protocol when they resigned mail, potentially distributing harmful mail.

The easy solution is to toss out ADSP, like it never existed. No one should follow original domain policy declarations.

But this only shifted the problem to the resigner, who has no sort of policy wrappers. What happens when resigners resign resigned mail? Who will protect them?

Without baseline, protocol-consistent controls and guidelines to follow, I'm afraid DKIM signing is fast becoming a rabid hop-to-hop message signature stamping broadcasting concept, where the only remaining benefit is to make sense of the last signer, which is never a problem in the authorized and known mail world. It's a problem with the anonymous world, and a DKIM-signature has no value here when the signer is unknown. Since DKIM-signature requires the 5322.From address to be hash bound to the signature, the loss of policy allowed the anonymous abuse of these domains to continue.

The issue is straightforward: either resigners support signing controls or not. Obviously the latter was the easy way for THEM, but it didn't solve the problem. No matter which way, a policy concept is required.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
