[ietf-dkim] More of a marketting plan really
pbaker at verisign.com
Tue Aug 23 12:13:58 PDT 2005
My threat analysis has a rather different starting place. My objective
is not so much to solve a particular problem as to identify a 'killer
application' where there is:
* A clearly understood pain point.
* A core constituency that is directly affected by the pain point
and has the ability to bring the necessary resources to bear to solve
* A reasonably compact technical architecture that does not have
dependencies on undeployed infrastructure.
We are 'lucky' enough to have two such pain points:
* The cost of running spam filtering systems is very high for the
largest ISPs and for providers of spam filtering services. This cost
could be significantly reduced if there was a better way to identify the
good incoming mail. Signing emails is a much more robust authentication
technique than the simple address based scheme described earlier.
* Phishing spam that impersonates a trusted brand. A large number
of banks are willing to make a significant investment to sign all their
outgoing emails provided that doing so brings an immediate benefit.
So far DKIM has been driven mostly by the first pain point which does
not require any additional infrastructure.
The second pain point has been touched upon but we are dealling here
with a social engineering attack and DKIM is going to be a component of
a solution rather than a solution in itself but the dealling with that
problem is going to require a trasmission signature and the backing of
The real challenge in deployment is to build to critical mass. Once the
scheme has got to the point where it is self sustaining there is no
problem adding additional features. The key is avoiding a dependency
that is going to increase deployment costs and potentially stall
The main objection to the initial pain points is that they only affect a
small group and the benefits may not be equitably distributed. This is
particularly the case for the first pain point.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ietf-dkim