[ietf-dkim] Review of draft-fenton-dkim-threats-01
stephen.farrell at cs.tcd.ie
Mon Oct 31 07:51:42 PST 2005
Thanks for the review. Just focusing on your general
Eric Rescorla wrote:
> What I would have expected in a threat analysis of this type is that
> one would start with a relatively broad view of the type of system
> one was considering developing ("server-based message-based signatures
> to prevent mail forgery") and then describe potential attacks on
> such systems and the types of countermeasures that can be used to
> protect against them.
That is probably a fair criticism of the document taken in
isolation, but given that it was produced specifically to
meet a stated requirement for wg-formation, the "moving
target" defence is legitimate in this case.
However, I think out current draft charter does imply
moving the document more towards the analysis you'd like
to see, which is perhaps all that can be done at this
stage, so taking the doucment in tandem with the draft
charter, does IMO (promise to) handle this comment. Do
> What I see here assumes that the system to
> be developed is essentially DKIM and asks how DKIM can be attacked.
> That's only somewhat useful for determining whether DKIM should be
> standardized and not at all useful for determining whether alternative
> designs would be inferior or superior.
Well, it does have *dkim* in the name, so I don't think you can
really ask that the document compare against all other potential
documented and not documented proposals. My point is that your
criticism seems to be taking the document in isolation once more
and not in its true context which at this point is the draft
> [...] I think that that requires a real argument
> that this approach will be useful in stopping spam, not just
> saying that stopping forgery is good and this stops forgery, so....
Can you help me understand what you'd consider a "real argument"?
E.g. if you can point at something in the literature or else
describe how such an argument would be structured?
One nit about your text though: if a claim were made that dkim
would "stop" spam, that'd be rightly criticised, which means that
its not fair to criticise dkim on the basis that it won't "stop"
this, that or the other. I'm sure you'd agree that were dkim to
be useful in reducing spam, then that on the face of it is a
worthwhile goal to try reach, so long as the inevitable costs of
doing something are sufficiently smaller than the costs of doing
nothing (where there's plenty of scope for argument of course).
More information about the ietf-dkim