accept, deny, or other delivery decisions (was Re: [ietf-dkim] SSP= FAILURE DETECTION)

Steve Atkins steve at blighty.com
Mon Sep 11 20:36:52 PDT 2006


On Sep 11, 2006, at 8:08 PM, Scott Kitterman wrote:

> On Monday 11 September 2006 22:38, Steve Atkins wrote:
>> On Sep 11, 2006, at 7:07 PM, Hector Santos wrote:
>>> ----- Original Message -----
>>> From: "Douglas Otis" <dotis at mail-abuse.org>
>>>
>>>>> - Inconsistent results.
>>>>
>>>> Either the signature is valid or it is not.  This does not depend
>>>> upon policy
>>>> ...
>>>> Can you be a bit more specific about what do you mean by
>>>> inconsistent  results?
>>>
>>> I was referring to the "Dark Secret" model that Mr. Falk and Mr.
>>> Atkins were thinking about, such as:
>>>
>>>     Result = DKIM-BASE + REPUTATION
>>>
>>> This has the potential to be different depending on which receiver
>>> and its non-standard reputation layer.
>>
>> You seem to be deeply confused as to what "reputation" is. Every
>> receiving MTA, and possibly every recipient, will have a different
>> view of a signer's reputation.
>>
>> Given that, expecting everyone to have exactly the same result
>> when they apply their reputation model to an email that's
>> authenticated from a given author is obviously nonsensical.
>>
> OK, then I'm confused because I think that you and Hector are saying
> essentially the same thing in your message and his that you replied to.

Hector asserts that "inconsistent results" is a risk with respect to signing.

His reasoning behind that is that every recipient decides whether to
accept or reject mail based on several factors, including the sender's
reputation, and that reputation will vary.

That has nothing to do with whether the mail is signed or not (though
reputation-based filtering is likely to be drastically more accurate with
mail that is signed). Unsigned mail is also going to be delivered, or
not, depending on many things, including the reputation of the sender.

So describing "inconsistent results" as a "risk of signing" seems
something of a non-sequitur. Or possibly I'm misunderstanding,
in which case I'm sure Hector will expand on the issue, with a
clearer explanation of what he means and some concrete
examples.

Cheers,
   Steve
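The receiver-side model under discussion (verification result combined with a local reputation layer) can be made concrete with a small simulation. The following is an added toy model, not code from the list thread or from any DKIM implementation; the receiver names, IP addresses and reputation values are constructed. It shows two receivers reaching different decisions about the same message whether or not it carries a verified signature, and why the unsigned case is judged on a weaker identifier (the connecting IP) that unrelated senders can share.

```python
"""Toy model of per-receiver delivery decisions: result = verification + local reputation."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    from_domain: str                 # RFC 5322 From: domain
    source_ip: str                   # address of the connecting MTA
    signed_by: Optional[str] = None  # d= of a signature that verified; None if unsigned or failed


@dataclass
class Receiver:
    name: str
    domain_rep: Dict[str, float]     # this receiver's opinion of signing domains (constructed)
    ip_rep: Dict[str, float]         # this receiver's opinion of sending IPs (constructed)
    threshold: float = 0.0           # accept at or above this score

    def identity(self, msg: Message) -> Tuple[str, str]:
        # A verified signature yields an identity the signer controls. Unsigned
        # mail leaves only the connecting IP, which may be shared with others.
        if msg.signed_by is not None:
            return ("domain", msg.signed_by)
        return ("ip", msg.source_ip)

    def score(self, msg: Message) -> float:
        kind, key = self.identity(msg)
        table = self.domain_rep if kind == "domain" else self.ip_rep
        return table.get(key, 0.0)   # unknown identities are treated as neutral

    def decide(self, msg: Message) -> str:
        return "accept" if self.score(msg) >= self.threshold else "reject"


def decisions(receivers: List[Receiver], msg: Message) -> Dict[str, str]:
    """Each receiver's decision for the same message."""
    return {r.name: r.decide(msg) for r in receivers}


# Two constructed receivers that hold opposite opinions of the same signer.
RECEIVERS = [
    Receiver("mta-a", domain_rep={"example.com": 2.0}, ip_rep={"192.0.2.10": 1.0}),
    Receiver("mta-b", domain_rep={"example.com": -1.0}, ip_rep={"192.0.2.10": -0.5}),
]

SIGNED = Message("example.com", "192.0.2.10", signed_by="example.com")
UNSIGNED = Message("example.com", "192.0.2.10")
# An unrelated sender relaying through the same IP (constructed).
NEIGHBOUR = Message("other.example", "192.0.2.10")


def demo() -> Dict[str, Dict[str, str]]:
    return {
        "signed": decisions(RECEIVERS, SIGNED),
        "unsigned": decisions(RECEIVERS, UNSIGNED),
        "neighbour_unsigned": decisions(RECEIVERS, NEIGHBOUR),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Both the signed and the unsigned message are accepted by one receiver and rejected by the other, so the variation comes from the reputation layer, not from the signature. The third case shows the cost of the unsigned path: the neighbour inherits whatever opinion each receiver holds of the shared IP, because there is no signer identity to key on.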

