[ietf-dkim] list vs contributor signatures, was Wrong Discussion
dotis at mail-abuse.org
Thu May 27 02:55:58 PDT 2010
On 5/26/10 8:28 PM, Steve Atkins wrote:
> So it says nothing about the threat it's supposed to thwart. Without that
> there's no possibility of creating an attack tree. And without that, there's
> no possibility of doing any security analysis on any proposal. And ADSP
> is (I think) primarily a security protocol...
Start with a few premises:
Premise one: Users sort messages based upon important From email-addresses.
Premise two: Users' mail system does one of the following:
a) annotates ADSP results,
b) blocks on ADSP non-compliance, i.e. no Author Domain signature with
ADSP "all" or "discardable", or
c) includes header available for sort criteria, i.e.
> I'm pretty sure that ADSP as-is is a bad tool to solve any particular problem.
> But given it's not being proposed to solve any concrete problem, it's
> hard to discuss whether there's a better solution.
Based on these two premises, clearly 2b and 2c depend far less on a
user's recognition of expected results. A very good thing.
It is silly to debate whether ADSP is being currently used.
ADSP is currently suitable for only an extremely small subset of mail.
This unfortunately necessitates use of alternative domains.
Using alternative domains in conjunction with domains suitable for ADSP
"all" or "discardable" significantly erodes the practicality of
sorting mail based upon the From, an important part of a domain-based
protection strategy. Third-party authorization should overcome this issue.
> The original argument was that it would help deal with phishing, but
> now even the strongest proponents are happy to explain that it will do
> absolutely nothing to help with phishing - but go on to say that as it
> won't help with phishing, the fact that it won't help with phishing isn't
> a weakness.
ADSP alone does not afford complete protection. No one has said
otherwise. ADSP needs to be extended.
> So what actual operational problem does it attempt to solve? A byte
> sequence in an email header field that's commonly not shown to the
> user is not an operational problem. It might be a middle point in a
> line of reasoning between an operational problem and ADSP.
Indeed, ADSP must be viewed as part of a larger strategy. ADSP takes
advantage of DKIM's ability to survive forwarding, and to not converge
messages into an overly broad IP address authorization scheme. It is
common for servers to carry messages from many different domains, where
IP address authorization paths remain problematic from an architectural
standpoint, and significantly increase a domain's exposure to exploitation.
Conversely, ADSP in conjunction with third-party authorization should
eliminate a need for alternative domains when taking advantage of
third-party services, and will significantly reduce the domain's attack
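Added example, not part of the original message: a sketch of the check behind premise 2b, computing the RFC 5617 dkim-adsp result from a message's From domain, the d= values of its already-verified DKIM signatures, and the author domain's published ADSP practice. The domains, the ADSP_RECORDS table standing in for the DNS lookup, and the function names are constructed for illustration; the second sample shows the list-versus-contributor case from the subject line, where only the list's signature survives.

```python
from email.utils import parseaddr

# Constructed stand-in for the TXT lookup at _adsp._domainkey.<domain>.
ADSP_RECORDS = {
    "bank.example": "dkim=discardable",
    "corp.example": "dkim=all",
    "hobby.example": "dkim=unknown",
}

def author_domain(from_header):
    """Domain of the From address, lower-cased."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def adsp_result(from_header, verified_d_values, records=ADSP_RECORDS):
    """Return the dkim-adsp result for one message.

    verified_d_values holds the d= tags of signatures that already verified.
    An Author Domain Signature is one whose d= equals the From domain exactly.
    """
    domain = author_domain(from_header)
    if domain in {d.lower() for d in verified_d_values}:
        return "pass"                    # satisfies every ADSP practice
    record = records.get(domain)
    if record is None:
        return "none"                    # domain publishes no ADSP record
    # Simplified parse: assumes the record is a single "dkim=<practice>" tag.
    practice = record.partition("=")[2].strip().lower()
    return {"all": "fail", "discardable": "discard"}.get(practice, "unknown")

def blocked(result):
    """Premise 2b: block when an 'all' or 'discardable' domain is not satisfied."""
    return result in ("fail", "discard")

# Constructed sample messages: (From header, d= values of verified signatures).
SAMPLES = [
    ("Alice <alice@corp.example>", ["corp.example"]),    # contributor signature intact
    ("Alice <alice@corp.example>", ["lists.example"]),   # only the list's signature
    ("Bob <bob@bank.example>", []),                      # unsigned
    ("Carol <carol@hobby.example>", ["lists.example"]),
    ("Dan <dan@nopolicy.example>", []),
]

def evaluate(samples=SAMPLES):
    return [(frm, adsp_result(frm, sigs)) for frm, sigs in samples]

if __name__ == "__main__":
    for frm, result in evaluate():
        print(f"{frm:30} dkim-adsp={result:8} blocked={blocked(result)}")
```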