[ietf-dkim] Policy decision tree outcomes

Charles Lindsey chl at clerew.man.ac.uk
Wed Nov 15 03:43:15 PST 2006


On Tue, 14 Nov 2006 16:57:28 -0000, Hallam-Baker, Phillip  
<pbaker at verisign.com> wrote:

>> From: ietf-dkim-bounces at mipassoc.org
>> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Charles Lindsey

>> AXIOM-2 denied.
>>
>> If it finds a satisfactory authentication from a signer with
>> an appalling reputation, it should be _very_ suspicious.

> In fact if the sender has a bad reputation I will not even bother to  
> verify the signature let alone the policy. I will return to this when  
> proposing a processing algorithm for my policy mechanism.

The appalling reputations I have in mind are when the signer is a known  
spammer who tries to dupe people by providing a valid signature which has  
no value. Oddly, in this case, it would have marginally more value if  
verification failed.

>> > LEMMA-2: There is no value in distinguishing between any of the cases
>> > A, B, C, D
>> >
>>
>> >     AXIOM-4:    There is no value in distinguishing between states that
>> > 		can be reached by an attacker.
>>
>> AXIOM-4 Denied.
>>
>> Attackers can easily do bad things before the message is submitted to the
>> MSA.
>>
>> It is much harder to attack a message once it has left its originating
>> MUA. You either need to have accomplices inside the ISP, or to be able to
>> hack into it, or to have discovered a weakness in its procedures, ... .
>> This limits the states that attackers can easily reach, and verifiers
>> are quite entitled to attribute more suspicion to the easier states.
>
> OK: correction no point in distinguishing between states that are  
> reachable with equal degree of difficulty.
>
But there may well be value in distinguishing the likelihood of some state  
being reached accidentally rather than deliberately. So you might conclude  
that C1 was more (or maybe less) likely than C2, according to your  
experience of how well genuine signatures survive on the real net. So if  
you are using spamassassin and applying a given score to a missing  
signature (case A) you might apply a different score to a failed signature  
(case B) and a different score again to an unacceptable signature (case  
D). And the score would in all cases be adjusted according to the SSP  
reported by the signer.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

