[ietf-dkim] The DKIM WG is within security?
Bill.Oxley at cox.com
Sat Jan 27 13:46:48 PST 2007
+1
-----Original Message-----
From: Douglas Otis [mailto:dotis at mail-abuse.org]
Sent: Fri 1/26/2007 8:14 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: dotis at mail-abuse.org; ietf-dkim at mipassoc.org
Subject: RE: [ietf-dkim] The DKIM WG is within security?
>>G) Annotation?
>
> Annotation should take place at the MUA or entity with access to the
> addressbook or signatures should not be annotated. Without the effort
> joined by MUA and web client (browser extensions) vendors, DKIM is not
> likely to increase phishing catch rates.
Your statement is less emphatic and better. Perhaps why could be included,
however.
How about:
Annotation applied at the MTA will likely invalidate signatures and
prevent more accurate annotations from being applied by end user
applications. Applying annotations should require valid signatures that
are signed on behalf of a _trusted_ entity.
Determination of trust is more accurately accomplished by the end user.
The basis of end user assessments will likely rely upon out-of-band
methods not available to the MTA. These lists might be represented by the
recipient's address book, for example. Without the effort joined by MUA
and web client (browser extensions) vendors, DKIM is not likely to
increase phishing catch rates.
-Doug
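The point in the proposed text above, that annotation applied at the MTA will likely invalidate signatures, can be checked as follows. This is an added example, not part of the original message or of any DKIM implementation: it applies DKIM's relaxed canonicalization to a constructed message and reports which signed inputs change. It assumes Subject is among the signed headers and that the signer did not limit the signed body length; the function names and sample values are constructed.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """DKIM 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def relaxed_header(name: str, value: str) -> bytes:
    """DKIM 'relaxed' header canonicalization for one header field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)          # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")     # collapse whitespace runs
    return f"{name.strip().lower()}:{value}\r\n".encode()


def body_hash(body: bytes) -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def changed_parts(signed: tuple, received: tuple) -> list:
    """Name the signed inputs that differ between two (subject, body) pairs."""
    changed = []
    if relaxed_header("Subject", signed[0]) != relaxed_header("Subject", received[0]):
        changed.append("subject header")
    if body_hash(signed[1]) != body_hash(received[1]):
        changed.append("body hash")
    return changed


# Constructed sample message and three constructed in-transit variants.
SIGNED = ("Quarterly statement", b"Your statement is ready.\r\n")
REWRAPPED = ("Quarterly   statement", b"Your statement  is ready. \r\n\r\n")
SUBJECT_TAGGED = ("[VERIFIED] Quarterly statement", SIGNED[1])
FOOTER_ADDED = (SIGNED[0], SIGNED[1] + b"-- \r\nScanned by gateway\r\n")

if __name__ == "__main__":
    for label, msg in [("whitespace only", REWRAPPED),
                       ("subject annotated at MTA", SUBJECT_TAGGED),
                       ("footer annotated at MTA", FOOTER_ADDED)]:
        print(label, "->", changed_parts(SIGNED, msg) or "signed inputs unchanged")
```

Relaxed canonicalization absorbs whitespace changes made in transit, but any annotation written into a signed header or the body changes the data the signature covers.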