[ietf-dkim] Review of draft-fenton-dkim-threats-01
mike at mtcc.com
Tue Nov 1 11:39:14 PST 2005
Eric Rescorla wrote:
> Arvel Hathcock <arvel at altn.com> wrote:
>>>>Since the people I know involved with DKIM expect it
>>>>to be plenty useful without third party reputation services,
>>>>I'm not sure what your point is.
>>>Well, they may expect it to be, but I haven't heard any arguments
>>>along those lines that I find convincing.
>>Really?? If I see a message which is DKIM signed by iecc.com and
>>iecc.com is on my "DKIM white-list" this is pretty useful info right?
>>I can probably get away with relaxing or even skipping heuristic spam
>>filtering on that email with a fair degree of comfort. How is the
>>utility of that in any way unclear?
> The scenario you cite is likely of *some* utility but it's not clear how
> much, or if it exceeds the cost of implementation and design. The answer
> to that question depends on (at minimum) (1) what the false positive
> rate would have been without the whitelisting (2) the degree of
> predictability about whitelist contents (for attackers), and (3) the
> level of zombie infection--or more precisely potential zombie
> infection--of the domains which are on the whitelist. It's not clear to
> me that we have good data on any of these questions, let alone an
> analysis that incorporates all of them.
There's a really, really easy way to get answers to all
of these questions: standardize dkim. There's a *lot* of
people -- large ISP's, vendors, enterprises, etc -- who
are waiting with bated breath to find out the answers to
these questions. On the other hand, navel gazing is guaranteed
to produce equivocal results, and in the end will almost
certainly get it wrong.
More information about the ietf-dkim