[ietf-dkim] on the scope and necessity of threat analysis
arvel at altn.com
Fri Aug 12 16:31:42 PDT 2005
Here's what I think (sorry, posting too much I know):
> What you need to do is explain what the real problem
> you are trying to solve is, and then explain the degree to
> which DKIM does or does not solve that problem.
Here's the real problem I would like to solve: (Domain owner speaking
here): Recipients of messages from my domain currently have no method of
verifying whether the message conforms to my sending policy or not; nor can
they know whether the content of the messages sent from my domain are as
they were intended to be. I'd like to be able to solve those problems.
(Email admin speaking here): I'd like to know whether a message I allow
into my network
is authorized by the domain owner in the FROM header and I'd like to know
whether the message contains the same content that the signing
domain intended. Domain-level assurances are good enough for me from both
Here's how I think the degree to which DKIM does solve the problem plays
out: (Domain owner speaking here) DKIM provides the ability to distinguish
messages that conform with my local policy from those which do not. It also
provides the ability to spotlight messages which have been altered. (Email
user speaking here): DKIM provides the ability to distinguish messages
which conform with the policy of the domain in the FROM header from those
which do not and it spotlights content change.
Here's how I think the "degree to which DKIM does not" solve the problem
plays out: DKIM does not prevent unauthorized use of any domain. DKIM does
not mandate or gaurantee how messages failing to conform to signing policy
will be handled. DKIM does not specify how (or even if) an indication of
forgery will be displayed to end users. DKIM is an input into local policy
decisions. But it is an important and solid input.
> It is unwise to take it as an axiom, or a matter of
> faith, that any kind of authentication is a good thing.
> We have seen several examples of authentication
> systems, both inside and outside of the email world,
> that turned out to be a poor fit for many of the
> authentication problems that people needed to solve.
Authentication is always and everywhere a good thing but you're right when
you say that some authentication techniques fit better than others for
various applications. A signature based system seems to me to be the
perfect fit for electronic mail.
More information about the ietf-dkim