[ietf-dkim] A more fundamental SSP axiom
deepvoice at gmail.com
Fri Aug 4 16:34:35 PDT 2006
On 8/4/06, Mark Delany <MarkD+dkim at yahoo-inc.com> wrote:
> On Fri, Aug 04, 2006 at 06:44:34PM -0400, John L allegedly wrote:
> > >I cannot see how SSP can do anything but make false positives more
> > >likely. The real question is whether the gain in eliminating harmful
> > >mail is worth the occasional false positive.
> I guess I'm a little confused about the false policy concern.
> If a signer wants to take that risk, isn't that for them to decide?
Yes, but... I don't think that everyone is going to be aware of the risk
or ignore it thinking it can't happen to them. I still haven't stopped
smoking even though the Surgeon General puts all that scary warning
stuff on my smokes. It can't happen to me...
> Also, if the usual strategy of a verifier is to bounce (or be
> encouraged to bounce) the offending email, a "I sign all" sender will
> almost always know about delivery failures of originally signed
> traffic and be able to act accordingly.
I like the bounce idea too, but then we get into the whole attack
thing. Some poor schmuck with a little sparc2 trying to handle all the
verifier bounce traffic from, ohh, let's say... Yahoo ;)