The Value of Reputation (was Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail (dkim))

Douglas Otis dotis at mail-abuse.org
Mon Jan 2 17:39:39 PST 2006


On Sun, 2006-01-01 at 14:59 -0800, Dave Crocker wrote:

>       DKIM provides a means of validating an identity that is associated with
> message transit.  Do we believe that that validated identity will be helpful for
> some variety of email [quality] mechanisms, such as reputation services?  The
> answer to this is yes, since there is a long-standing value in having a
> validated, accountable identity associated with a document.

This statement of obtaining a valid accountable identity only applies to
the base DKIM draft, but does not extend to the SSP draft.  


> >    A lot depends on what we mean by "weakly authenticating".
> 
> Probably correct.  So it is quite useful that we have access to a concrete
> specification that embodies the meaning that applies here.

With respect to chartering and the WG output expectations...

The base DKIM draft depends upon a domain offering a public key used to
validate the signature. (Good) 

On the other hand, the SSP draft offers an authorization for an
email-address within the From header. (Bad)  This authorization has already
been construed in the SSP draft itself as providing accountability.
This identity defines where complaints are to be registered.   This SSP
draft also greatly alters email use by not permitting normal practices
without the same dangerous open-ended policies as seen with SPF. (Very
bad.)

> As for judging exactly what the limits of market acceptability are, there are
> two problems with attempting to conduct such a discussion here:
> 
>     a) standards bodies, including the IETF, have very poor track-records
> predicting market acceptability, particularly when the discussion goes beyond
> merely assessing the competence of the technology.
> 
>     b) there is a substantial constituency of experienced and responsible
> development and operations folk who find the DKIM mechanism appealing enough to
> be worth pursuing.

The base DKIM draft does not depend upon the SSP draft.  There are
other means to establish the expectation of there being a signature
present without changing accountability (burden-shifting).  This other
means better protects recipients from fraud as well.  This other means
requires less overhead.  SSP cannot be justified.


> > The difficulty is that establishment of such a mechanism makes
> > it very easy for, e.g., an ISP that wants to "protect its
> > customers from spam" and reduce spam traffic on its backbone to
> > say "aha, any message that isn't validated/authorized by someone
> > whom we recognize is obviously hostile and should be silently
> 
> It is often easy for people to make simplistic and incorrect choices in how they
> use a mechanism. This does not seem like a very strong argument against creating
> the mechanism.

There are already mechanisms in place ready to misuse email-address
authorization -as-if- authenticated.  There should be an expectation
based on previous experiences that such an authorization scheme can
become a form of coercion when treated as a source identifier.  This
does not require guesswork.


> > It seems to me that, were DKIM to succeed, we would run a
> > significant risk of seeing the Internet fragmented into
> > DKIM-approval camps (with the non-DKIM-users left out of all of
> > them).
> 
> 1. You might be right, but I can't tell, because I do not see a) the logic
> sequence that starts with the fear you express and leads clearly to the
> conclusion, and b) the basis for certitude that the fragmentation will occur.

By shifting the burdens imposed by reputation block-lists onto the
email-address domain owner, controlling abuse would then rest upon a
hapless entity.  The ability to obtain a domain name and safely share
services is placed in peril.  The fragmentation (as coercion) will
likely occur when larger domains find the results of this
burden-shifting being in their interest.


> 2. How is this different from the "fragmentation" that separates those with MIME
> support from those without, or the "fragmentation" that separates those with TCP
> selective acknowledgment support, from those without, or... any other
> fragmentation that distinguishes among supporters of enhancements from those not
> (yet) supporting it?

At least with MIME, the risk was not with respect to unfairly being held
accountable.  


-Doug


