On Thu, Aug 17, 2023 at 3:30 AM Alessandro Vesely <ves...@tana.it> wrote:
> > I'm not convinced advice is necessary here. Do you really need signs in > > banks that say "Don't put your signature on random financial > documents"? I > > have to believe that people understand what it means to sign something, > and > > why they shouldn't do that. > > Well, when banks don't do that, they're in bad faith. Consider, for > example, > derivative financial contracts conceived so that nobody is able to read > them > —banks don't even try to print them. Decadent practices. > I don't know what you mean by "decadent", here or below. I disagree about the "bad faith" claim. I think everyone with their own agency understands what it means to affix their signature to something. It's on them to understand that fully, or assume the risks of not being diligent. In the case of high volume operations like scanning email, the scale forces you to play the odds that your inbound filtering gets it right a high enough percentage of the time that you're able to cope somehow with the things that slip through. > Domains cannot "read" the messages they sign. Some MPs may have wonderful > anti-spam filters, but that's still not the same as reading and signing an > agreement. We need to dismantle the agreement metaphor a bit. > The logical extension of this line of thinking is that message authentication isn't meaningful. Is that where you're going with this? > On the other hand, there are domains which blindly sign anything their > users > write, enacting only minimal limits to prevent abuse in case of > compromised > credentials. They can afford doing so because, for example, users are > employees and are known in person. Do such domains experience replay > attacks? > Likely. So? > What I'm trying to address is the relationship between users and mailbox > providers. Free MPs want anyone to be able to create a free account, and > that > was at the root of their success. When domain authentication arrived, > they > considered that /all/ messages from their domain must be authenticated. > DMARC > reporting is specifically aimed at such goal. > For something that signs at a domain level, why is this something with which we should concern ourselves? > The arms race you refer is the result of indiscriminately accepting all > users. > A small percentage of them are bad actors, but cannot be identified > because, in > general, the real IDs of users is not ascertained. At what point does > claiming > responsibility for non-ascertained entities results in decadent practices? > Again, I don't know what this means. > There is no equivalence between authenticating subscribers and scanning > what > they write. Both tasks need human intelligence, but the former doesn't > have to > be done on each message. Scanning w/o intelligence is only heuristic and > relies heavily on volume limits, which is where replay attacks get away > with it. > ...and this is entirely an internal matter. Are you arguing that this deserves protocol-level consideration? If you're going to assert that Gmail should authenticate their users before allowing them to send stuff that will be signed, then I'm pretty sure they do that already. -MSK, participating, but currently quite confused
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
