On Nov 3, 2008, at 2:55 PM, Tony Hansen wrote:
Lisa, I think we can move on.
Why should the IETF endorse a scheme likely to endanger recipients?
The motivation for this header is in support of a questionable Sender-
ID or SPF path registration scheme. Sender-ID is being sold as a
replacement for source authentication.
Not having this border header as a substitute for DKIM validation
ensures ISPs will provide access to unmodified messages. To ensure
security, verifying the DKIM signature should be done by the MUA
making the annotation, rather than depending upon an injected third-
Weakness related to DNS transaction identification have not
disappeared, nor has the potential concern related to network
amplification. The injection of carrier grade NATs along with SPF's
sizable query sequence of more than 100 different domains coupled with
the highly distributed nature of email imposes a risk that increases
with the rise of network bandwidths. Racing headlong into the
adoption of a bogus authentication scheme creates real risks for both
recipients and the network.
While some large institutions may promote this scheme for self
interests, they are also likely able to assert control over the
entirety of their email infrastructure. However, mechanisms are not
in place to protect thousands of smaller institutions. Nor is it
likely that email standards will ever require the needed header field
restrictions. Deploying path registration as an authentication scheme
places millions of users at risk, since the application of path
registration as "authentication" is sure to be exploited by confidence
artists. In addition, the header scheme is being complicit in the
deception. It labels the email-address as the element being
_authenticated_ rather than the IP address of the SMTP client as the
element being _authorized_. This scheme should not be endorsed
because some software vendors wants to promote a new (albeit
dangerous) scheme. Why should the IETF feel obligated to help vendors
promote a flawed and dangerous approach? Does it really matter how
many vendors hope to make money selling a flawed and dangerous product?
A vehicle with brakes that only work on level surfaces should not be
endorsed simply because some influential companies deploy fleets that
only travel over level roads. Authentication annotations will be
applied regardless of the nature of the route traveled. For some
companies and their recipients, there will be intervening routes that
will prove unsafe for this scheme. Nothing said changes that.
NOTE WELL: This list operates according to