[ietf-dkim] SSP acceptance chart
Hector Santos
hsantos at santronics.com
Sat Nov 5 02:04:40 PST 2005
----- Original Message -----
From: "Douglas Otis" <dotis at mail-abuse.org>
To: "Hector Santos" <hsantos at santronics.com>
> On Sat, 2005-11-05 at 00:38 -0500, Hector Santos wrote:
>
> > And how do a VERIFIER or SIGNER get this "exposed expressed desire?" How
> > does the VERIFIER and possibly the RESIGNER get this information?
>
> The opportunistic scheme is rather simple, so I try fewer words.
Thanks. I appreciate it. So if it's simple, should we expect to have some
pseudo-code very soon? :-)
> As the MDA sees broad-bindings with matching domains, it compiles a list
> of these matches. This list could be simply the domain-names.
>
> this-bank.com
> that-bank.com
> pay-this.com
> pay-that.com
> this-store.com
> that-store.com
>
> Perhaps these names are stored in a zone or a database. It does not
> matter.
No, Doug, you didn't answer the question.
Where do you get the "exposed expressed desire" that a domain will even want
you to sign its messages in the first place? Does the domain have a choice in
the matter?
Even then, it does matter. You have a major threat by avoiding first-time
inconsistency. With your idea, a system will need more sampling to get a
better feel. What if it's one phish per system attack spread across tens of
thousands, even a million systems? Are you now going to throw in a RAZOR-like
concept into an ever-expanding solution pool so that these participant
P2P systems can learn from each other?
Why not just reject it with a 451 because of the match failure? If it's a
legitimate SMTP system, its SMTP system is designed to retry.
> Your chart should not offer hostile treatment when email-addresses don't
> match the signing-domain, unless they are on a list.
Doug, the CHART has nothing to do with a LIST, LEARNING, ANALYSIS,
DIAGNOSTICS or BEHAVIOR of domains. The chart simply allows systems to STOP
the CRIME before it happens. The chart offers a theoretical 69% (25/36)
hard results with zero-false-positive ACCEPT/REJECT conditions. It has 31%
(11/36) states where there is insufficient data to make a hard decision.
However, in these cases, there is nothing to prevent a system or
implementation from augmenting this with a pattern-recognition learning
concept of repeated failures.
Doug, you are totally misrepresenting the entire idea of what SSP is
supposed to do. I'm sorry, but I can't help but feel you are doing this
intentionally.
> When they are not on the list, then the reputation of the
> signature would simply be evaluated.
There you go again. We are back to a DNA concept.
Where is the pseudo-code?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com