[mail-vet-discuss] Degrading DKIM "fail" to "neutral" (was Re: Last Call: ...)

[Charles Lindsey]

On Tue, 02 Dec 2008 21:20:49 -0000, Murray S. Kucherawy <msk at sendmail.com>  
wrote:

> One response I got to some queries about this issue went as far as
> saying verifiers SHOULD NOT degrade "fail" to "neutral" despite this
> concern, thereby limiting that action only to well-considered local
> policy decisions.

It is always bad policy to throw away information that might be valuable  
to someone, even though the case of "normal" email might be better that  
way.

Consider, for example, some community discussing some worthwhile topic  
with serious contributions being made. But suppose that community also  
includes "Trolls" whose aim is to disrupt that process by drowning the  
serious discussion in noise. Indeed, we are all aware of the existence of  
such communities.

Now the Trolls will, as Trolls do, continually modify their strategy to  
make their "noise" hard to distinguish from the genuine "signal". Maybe  
their best strategy at some stage will be to DKIM-sign their messages (but  
with bogus signatures, because they do not know the private keys). The  
rest of the comminuty might well wish to react by noticing the presence of  
a failed signature as a good indicator of trollish behaviour (as ever, any  
indicator will still have false positives and false negatives, so maybe  
tnis is just used as a weighting factor).

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5