On Mar 12, 2007, at 4:51 PM, Hector Santos wrote:
> I tend to side with the high probability that blindly signing MAIL
> in a DKIM-BASE only manner [...], will not only open the door for
> DOMAIN reputation damage, but make DKIM as useless as [...]
> DOMAINKEYS [...].

Where DKIM base concluded speaks well of DomainKeys. Unless SSP
provides a means to mitigate replay abuse, then one is advised to not
base acceptance solely upon finding a valid signature from a
reputable domain. DKIM still prevents false positive spoofing
detections and allows messages to obtain greater trust when the
assured email-address is annotated. Annotation is the _only_ safe
and extensible solution for DKIM email, otherwise too many things break.

By reputation, are you suggesting recipients will not be assured when
"seeing" an email-address, unless all without a valid signature are
expunged through the application of SSP? Security should not be
based upon the visual acuity of the recipient. What happens when
UTF-8 is used, or multiple versions of an email-address are applied,
or the From header contains more than one representation, or uses
more than one character-repertoire? What happens when the Sender
header is assured instead of the From header? Basing security upon
what someone might see is not a safe solution. Would there be a
recommendation that no email-address be displayed using less than
half the points of the recipient's age? : )

When reputation means the signature can be used as a basis for
acceptance, then your scheme also fails to offer reputation
protections. SSP could be used to authorize transmitters for this
purpose. It could be used to authorize the sending of DSNs as well.
There are many improvements SSP could provide. Providing guidance on
which messages with invalid signatures should be expunged is perhaps
the most problematic goal to pursue which then only offers
questionable security.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html