spf-discuss

Re: My notes from FTC Summit with statistics (was: Sendmail white paper)

2004-11-26 07:02:54

On Fri, 26 Nov 2004, David Woodhouse wrote:

> To me also. Making it _slightly_ more expensive to send mail isn't
> unacceptable; it's the premise behind stuff like hashcash too.

With DK and IIM, it's both sender and recipient who experience increased
load due to having to sign the message. This is because they employ a
method for authentication where you retrieve the public key or fingerprint
from an external location and compare that to what is in the signature,
and then verify if that public key is really the correct one to go with
the private key that signed the message hash and produced the given signature.

You could also do it differently by sending the hash of the signed email
and the signature to a remote key verification server (run by the sender) and
asking that server to confirm if it's OK (i.e. that server would use the
private key that the email was originally signed with and verify if the
signature is indeed signed with the same private key and also verify
if that signature indeed represents the signed version of the email hash;
this is something like symmetric key cryptography). That all means
100% of the cryptography is done on the sending side - this is what
James Couzens, Seth Goodman and the SES team are advocating if I understood
them correctly (but this system also has the side-effect that the sender is
vulnerable to a DoS attack if somebody remails the same message to, say,
100,000 other recipients; I'm not sure how they deal with it...)

>> I do not think that signing and verifying will be offset by the fact that you
>> don't need to do virus and spam checking, at least not immediately. I
>> have to assume that spammers are probably not going to sign their
>> emails with bad keys, but they may sign them with their own good keys
>> and that means you still need to do all the same virus and spam
>> testing after the signature verification.

> I'm not convinced of that. Let us assume the existence of a reputation
> system which you were going to use to decide to reject the mail in
> question.
>
> You have a mail claiming to be from alwaysspams.com. Optimise the
> following flowchart:
>
>       1. Check DK signature. If it's invalid, reject the mail.
>       2. Reject the mail because it comes from alwaysspams.com.

They are going to create new domains every day like they do already and
each will sign with its own signature.

>> You also will not be able to reject email based on "I sign all my email"
>> policy records for DomainKeys because DK signed emails will fail after
>> being processed by almost any mail list and that means people who want
>> to protect their domains from being spoofed really cannot do it with DK.

> Mailing lists aren't really a problem -- they add a Sender: header and
> if there's no signature for _that_ but should be, then you can reject.
> But it's nice to be able to reject if _either_ is absent, which is why I
> favour IIM over DK. It's one of the details that will presumably be
> sorted out in a merger of the two.

I know more details and can tell you that Y! is not willing to negotiate
on the merger. But stay tuned; in the next 2-4 days you'll see a proposal
from me that may make you happy, and if support for it can be built
from the community (particularly from open-source people, like SPF did)
then the "merger" may well be forced upon them anyway.

>> The reason I mention it is because some here were talking about renaming SPF
>> into some "safe mail standards association" (I rephrased on purpose). Well:
>>  1. don't, you might be laughed at in the same way as with actonline
>>  2. it's not about the name anyway, it's about what we do and how

> I'm not sure about that. We're laughing at actonline because they're
> saying stupid things not really because of the way they present
> themselves. And marketing does have a large effect. SPF has got fairly
> good marketing, regardless of the technical issues. VHS video recorders
> were marketed better than Betamax.

I don't think actonline is that much about marketing. They are an association
supported by one or two of the largest companies for their own interest, to make
their views presented as if they are coming from a 3rd party. And as I
already said, they are primarily a lobbying group, i.e. it's all politics
business in Washington, and I suspect the politicians they lobby do
understand quite well that they are not to be taken on their word and
that they are paid to say it (that is quite normal for Washington).

> I think you overestimate the intelligence of the average system
> administrator -- or at least their willingness to think for themselves.

That is a valid point. Many will believe what they are told and not think
for themselves; that is what happened to SPF to a degree.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
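The two verification models argued over above (recipient fetches the public key and verifies, versus recipient hands hash and signature back to a sender-run server), the mailing-list footer problem, and David's "reputation before signature" ordering, as an added example that is not part of the thread and is nobody's implementation of DK, IIM or SES. It assumes RSA with SHA-256 and a trailing-whitespace/CRLF canonicalisation of its own; the `fakeDNS` map and the `reputation` block list are constructed stand-ins, and `Signer.Confirm` is a hypothetical key-verification server whose call counter shows where the remailing DoS cost lands.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// fakeDNS stands in for the DNS TXT lookup a DomainKeys-style verifier makes
// (selector._domainkey.<domain> -> public key). Constructed for this example.
var fakeDNS = map[string]*rsa.PublicKey{}

// reputation is a constructed stand-in for the reputation system David assumes.
var reputation = map[string]bool{"alwaysspams.com": true}

// Signer is a sending domain with its private key. Confirmations counts how
// often its hypothetical key-verification server was asked to check a signature.
type Signer struct {
	Domain        string
	key           *rsa.PrivateKey
	Confirmations int
}

// NewSigner generates a key pair and "publishes" the public half in fakeDNS.
func NewSigner(domain string) *Signer {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	fakeDNS["dk._domainkey."+domain] = &key.PublicKey
	return &Signer{Domain: domain, key: key}
}

// bodyHash canonicalises the body (trailing whitespace stripped, CRLF line
// endings) before hashing, so cosmetic relay changes do not break the signature
// but any added content, such as a list footer, does.
func bodyHash(body string) []byte {
	lines := strings.Split(strings.ReplaceAll(body, "\r\n", "\n"), "\n")
	for i, l := range lines {
		lines[i] = strings.TrimRight(l, " \t")
	}
	sum := sha256.Sum256([]byte(strings.Join(lines, "\r\n")))
	return sum[:]
}

// Sign is the sender-side cost: one RSA private-key operation per message.
func (s *Signer) Sign(body string) []byte {
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, bodyHash(body))
	if err != nil {
		panic(err)
	}
	return sig
}

// VerifyWithDNSKey is the DK/IIM model: the recipient fetches the public key
// and pays for the RSA verification itself.
func VerifyWithDNSKey(domain, body string, sig []byte) bool {
	pub, ok := fakeDNS["dk._domainkey."+domain]
	if !ok {
		return false
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, bodyHash(body), sig) == nil
}

// Confirm is the sender-side model from the post: the recipient ships only the
// hash and signature, and the sender's server does the cryptography. The
// counter makes the remailing DoS visible: N recipients, N confirmations.
func (s *Signer) Confirm(hash, sig []byte) bool {
	s.Confirmations++
	return rsa.VerifyPKCS1v15(&s.key.PublicKey, crypto.SHA256, hash, sig) == nil
}

// VerifyViaSender is what a recipient runs under the sender-side model.
func VerifyViaSender(s *Signer, body string, sig []byte) bool {
	return s.Confirm(bodyHash(body), sig)
}

// Accept follows David's optimised flowchart: the cheap reputation lookup
// comes before the RSA verification, so mail from a known-bad domain never
// costs a signature check. The second return value names the rejecting step.
func Accept(domain, body string, sig []byte) (bool, string) {
	if reputation[domain] {
		return false, "reputation"
	}
	if !VerifyWithDNSKey(domain, body, sig) {
		return false, "signature"
	}
	return true, "ok"
}

func main() {
	good := NewSigner("example.org")
	body := "Hello list,\r\nhere is a message.\r\n" // constructed sample message
	sig := good.Sign(body)
	fmt.Println("direct:", VerifyWithDNSKey("example.org", body, sig))
	fmt.Println("after list footer:", VerifyWithDNSKey("example.org", body+"-- \r\nlist footer\r\n", sig))
	for i := 0; i < 3; i++ {
		VerifyViaSender(good, body, sig)
	}
	fmt.Println("sender-side confirmations:", good.Confirmations)
	spam := NewSigner("alwaysspams.com")
	_, why := Accept("alwaysspams.com", body, spam.Sign(body))
	fmt.Println("alwaysspams.com rejected on:", why)
}
```

Both models do the same RSA verification; the difference is only whose CPU runs it, which is why `Confirmations` grows once per recipient in the sender-side model while `VerifyWithDNSKey` costs the sender nothing after the one DNS publication. A spammer who registers a fresh domain and signs correctly passes `VerifyWithDNSKey` and is stopped only by the reputation step, which is William's objection.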