[ietf-dkim] draft-fenton-dkim-threats-00

Jim Fenton fenton at cisco.com
Thu Oct 6 13:13:16 PDT 2005


Dave Crocker wrote:

>>
>> The threat analysis characterizes the bad acts as the spoofing of 
>> email addresses.  
>
>
> My name is Dave Crocker.  The domains involved with my email are 
> dcrocker.net, bbiw.net and songbird.com.

Hi, Dave.  Haven't we met?  :-)

>
> The domains in the From and Sender and MailFrom and Helo and Received 
> fields are all valid and I am authorized to use them.
> Really.
>
> I send very obnoxious mail.
>
> You do not want to receive my mail.
>
> DKIM is extremely helpful for this scenario because the negative 
> reputation that you have assigned to my identity (errr... domain) can 
> now be reliably and accurately applied.
> You could not do that so safely in the past.

I absolutely agree that DKIM is helpful in allowing you to reliably 
apply a reputation that you maintain.  This is discussed in the second 
paragraph of section 1 of the threat analysis.  I am simply saying that 
DKIM doesn't say anything about how the reputation is maintained and 
applied.

> One could argue that that is because I could then use a different 
> identity and, therefore, one could class the problem as spoofing.
> But I think we lose an important point when we focus only on the 
> spoofing action, to the exclusion of the affirmative benefit of simply 
> ensuring an accurate/reliable identity.
> That is, even without spoofing, DKIM's assurances would be useful 
> simply because of Internet scaling and diversity.

We do lose sight of some of the benefits when we focus on spoofing, but 
the threat analysis is focused on what the bad acts are that we're 
preventing (or trying to prevent) rather than the good things we're 
trying to do.  I think that's somewhat a characteristic of threat 
analyses of this sort.

-Jim

