[ietf-dkim] DKIM Agenda Item Safer than SSP
Douglas Otis
dotis at mail-abuse.org
Thu Jul 6 08:57:46 PDT 2006
On Jul 6, 2006, at 4:30 AM, Dave Crocker wrote:
>
>
> Paul Hoffman wrote:
>>> This seems to be a comment against SSP.
>>
>> Wrong. it is a comment against trying to predict the future and
>> gating
>> our publication on those guesses. We can (should!) remain silent on
>> future changes to email, and then deal with them when they happen.
>> This
>> is how IETF protocol development works.
>
> Correct on all 3 counts.
>
> and i suggest that we can now end this thread.
Anticipating outcomes subsequent to deployment of a new protocol
remains germane. That was the purpose of the threat review, was it not?
Efforts related to this anticipation should include newer protocols,
especially with increasing reliance upon features of recent
developments. Indicating internationalization features _may_
encompass the local-part, in addition to the domain, only emphasizes
the generic internationalization concerns _already_ raised in the
threat review. Reliance upon email-address recognition ignores these
concerns, and is the criticism directed toward SSP. Reliance upon
email-address recognition remains dependent upon either future
abandonment of internationalization, development of character
repertoire reporting, or massive acquisitions of look-alike domains.
As DKIM is transparent, annotation needed to convey DKIM
verifications as recommended by the APWG can combine with known
signing domains to also overcome the internationalization threat.
This embraces internationalization as it exists today and tomorrow,
but protection is further improved with a DKIM convention that
partitions sources within the signing domain.
-Doug
More information about the ietf-dkim
mailing list