On 5/10/15 11:00 AM, Murray S. Kucherawy wrote:
> Sorry, I sent that too quickly. A couple of other points:
>
> In both schemes, you need a "registry", which is the set A as maintained by
> B through whatever means B wishes. Any DNS mechanism, however, requires
> that all mail flows from B via A are endorsed for as long as that DNS
> record is published (or cached); with the re-signing scheme, B gets to
> choose which specific messages carry that endorsement, via whatever logic
> it cares to apply, and for how long the endorsements are effective, and
> with what cryptographic strength and other parameters.
>
> We have evidence in hand that the queryable registry solutions are not
> attractive, evidence in the form of ATPS (RFC6541) for which the adoption
> rate was above zero by only a vanishingly small amount despite three years
> of open publication and an open source implementation.

Dear Murray,
ATPS included an onerous task for any third-party service likely used on a gratis basis. Each third party was expected to learn the specific hash algorithm of each From domain. A difficult process on top of changing the structure of their DKIM signatures, repeated tens of thousands of times for each different first-party domain. In addition, reputations based on the third-party relationship could not be leveraged because of the optional hashing. Very close to what is likely to become yet another signature scheme.

At least John's scheme does not have third parties guessing about parameters needed in new signatures. Guessing based on an option that should never have been allowed. ATPS self-imposed two monstrous hurdles avoided by TPA-Label. DMARC signaling easily supplants the rationale used by ATPS to justify its new DKIM signature. Even an alternative of having a DMARC domain adding limited signatures replayed by third parties, where the entire message body can change along with selected header fields.

People need time to respond and to then receive a subsequent posting. A period likely longer than many days. I just responded to a posting on another list about a week after the initial posting. There are only so many hours in a day.

In the event of a limited signature scheme becoming exploited, what response is available to the DMARC domain? Wait for the x= parameter to time out? I will propose a scheme similar to John's limited signature that includes a means to revoke implied authorizations based on detected abuse.

Regards,
Douglas Otis

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
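As an added illustration of the "optional hashing" complaint above (editor's example, not code from the thread or from any RFC 6541 implementation), here is a small Python model of the ATPS lookup. It assumes the query shape base32(hash(signer domain))._atps.<author domain> with atpsh values none, sha1 and sha256, and a TXT record of the form "v=ATPS1; d=<signer domain>", as I read RFC 6541; the domain names and the in-memory zone are constructed, and padding stripping on the base32 label is a modelling assumption. The point it makes concrete: the same third party appears under a different DNS label for every algorithm an Author Domain may pick, so the signer must track each domain's choice, and no single label identifies the relationship for reputation purposes.

```python
import base64
import hashlib

ATPSH_VALUES = ("none", "sha1", "sha256")


def atps_label(signer_domain: str, hash_alg: str) -> str:
    """Left-most label of the ATPS query name for `signer_domain`.

    'none' uses the bare domain; 'sha1'/'sha256' use base32 of the digest
    (padding removed and lower-cased here; assumption of this model).
    """
    name = signer_domain.lower().rstrip(".")
    if hash_alg == "none":
        return name
    if hash_alg not in ATPSH_VALUES:
        raise ValueError(f"unsupported atpsh value: {hash_alg}")
    digest = hashlib.new(hash_alg, name.encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def atps_query_name(author_domain: str, signer_domain: str, hash_alg: str) -> str:
    return f"{atps_label(signer_domain, hash_alg)}._atps.{author_domain}"


def build_zone() -> dict:
    """Constructed stand-in for DNS: two Author Domains authorise the same
    third-party signer but choose different atpsh options."""
    zone = {}
    for author, alg in (("author-a.example", "none"), ("author-b.example", "sha256")):
        zone[atps_query_name(author, "esp.example", alg)] = "v=ATPS1; d=esp.example"
    return zone


def verify(zone: dict, author_domain: str, signer_domain: str, atpsh: str) -> bool:
    """Verifier side: the lookup only succeeds if the signer guessed (or
    learned) the hash algorithm the Author Domain actually published."""
    record = zone.get(atps_query_name(author_domain, signer_domain, atpsh))
    if record is None:
        return False
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("v") == "ATPS1" and tags.get("d", "").lower() == signer_domain.lower()


def labels_for_signer(signer_domain: str) -> set:
    """Every label one third party may be published under; reputation keyed
    on the label cannot tie these three back to one relationship."""
    return {atps_label(signer_domain, alg) for alg in ATPSH_VALUES}
```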