[ietf-dkim] [Fwd: I-D ACTION:draft-fenton-dkim-threats-02.txt]
Douglas Otis
dotis at mail-abuse.org
Fri Jan 13 17:35:37 PST 2006
On Jan 13, 2006, at 3:23 PM, Stephen Farrell wrote:
>
>> [...] Any "open" policy exposes the email-address domain owner to
>> unjustified complaint traffic.
>
> No more than could happen today. I don't see any reason why
> complaints will rise that couldn't happen right now.
The mechanism directs complaints to the email-address domain owner,
rather than the signing-domain. Unfortunately, a published "open"
policy will attract more abuse.
>> However, "closed" policies also disrupt common email practices,
>> and therefore are not suitable for general use.
>
> Probably not. But as I understand it, those are designed for
> special (and not general) cases.
I don't think there is any question that a closed policy will prevent
the use of most list servers, for example. Posting to a list is a
common use.
>> A large domain has an advantage that a smaller domain does not.[...]
>
> I don't see how we can design a protocol to level that playing field.
The concern is not about leveling the playing field, but rather not
giving the large domain a powerful club with which to beat the heck
out of smaller domains. This requires avoiding any reason or excuse
for an open policy to be published.
>> ... This problem in general also runs afoul of a desire to not
>> force the publication of "open" policies creating a paradox.
>
> I don't see any paradox unless you want one domain with both an
> open and a closed policy.
For example, a second level domain "co.jp" publishes the 'o=.'
policy. This would mean all sub-domains must then also publish a
policy or forgo expectations of having their email accepted. The
second level domain may have been motivated into publishing a policy
in order to squelch a high level of traffic, as no-records are not
cached very long and each and every message instigates a new lookup.
A mechanism to indicate the SSP record does not apply to sub-domains
would ensure the search could end, but would then not be applied to
the sub-domains. A separate mechanism not part of the 'o=' could be
used, such as 'i=y' or 'i=n' for sub-domains inherit policy (yes/
[no]). The paradox occurs when co.jp wishes to use email normally.
Their record could be "i=n" (nothing more).
>
>> On Jan 12, 2006, at 6:17 AM, Stephen Farrell wrote:
>>
>>> "Policies can be open or closed. Open policies define a set of
>>> conformant messages and are silent about other messages. Closed
>>> policies define the set of conformant messages and other messages
>>> do not conform to the policy.
>>
>> Policy is not checked when the email/signing domains match.
>> Policy is therefore silent when email/signing domains match. When
>> email/signing domains do not match, SSP indicates whether unsigned
>> or foreign signed messages are acceptable. With respect to open
>> policies, _all_ such messages are conformant and acceptable.
>
> Nope. You're confusing the sender's policy statement with what the
> verifier considers acceptable, which is out of scope.
I understand your position. A policy that says "signs some" also
says "some legitimate messages are not signed or are signed by
others." Language is important when attempting to convey concepts.
When the signing/email domains don't match and "some legitimate
messages are not signed or are signed by others" policy is
discovered, how does this relate to what messages are
conformant? Clearly not being signed could be an indication of
conforming to the statement.
-Doug
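
An added illustration, not part of the original message or of any SSP draft: a simulation of the policy search the message describes, comparing the 'o=.' record at co.jp with the proposed "i=n" record. The upward one-query-per-level walk, the stop before the top-level label, and treating a record without an i= tag as inherited are all assumptions, and both record tables are constructed.

```python
# Added illustration: SSP lookup walking up the domain tree, with the
# hypothetical i= (inherit) tag proposed in the message above.
# Both record tables are constructed sample data, not real DNS content.
TODAY = {"co.jp": "o=."}       # the message's example record
PROPOSED = {"co.jp": "i=n"}    # the message's suggested replacement


def parse_tags(record):
    """Split a 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def effective_policy(domain, records):
    """Return (record_owner, o_value, lookups) for an email-address domain.

    The walk goes from the domain toward the root, one query per level,
    and stops before the bare top-level label (assumed search rule).
    A record found above the starting domain applies unless it carries
    i=n; a record with no i= tag is treated as inherited (assumption).
    """
    labels = domain.lower().rstrip(".").split(".")
    lookups = 0
    for depth in range(len(labels) - 1):
        candidate = ".".join(labels[depth:])
        lookups += 1
        record = records.get(candidate)
        if record is None:
            continue                      # no record: keep climbing
        tags = parse_tags(record)
        if depth > 0 and tags.get("i", "y") == "n":
            return None, None, lookups    # search ends, nothing inherited
        return candidate, tags.get("o"), lookups
    return None, None, lookups            # nothing published at any level


if __name__ == "__main__":
    for name, table in (("today", TODAY), ("proposed", PROPOSED)):
        for dom in ("mail.example.co.jp", "co.jp"):
            print(name, dom, effective_policy(dom, table))
```

With an empty table the same sub-domain still costs three queries per message, which is the uncached no-record traffic the message says could push a second-level domain into publishing a record.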