On Mon, 2005-08-15 at 21:53 -0500, Earl Hood wrote: > On August 15, 2005 at 16:33, Douglas Otis wrote: > > > Making an anti-forgery claim spills over into the local-part. > > I'm not sure about this statement. There appears to be two types > of forgery: domain-level and address-level. Are you saying that > effective domain-level forgery protection is not possible without > providing address-level forgery protection?
Verifying an accountable domain will not prevent a mailbox-address from being forged (falsified). Asserting that the From mailbox-domain must be signed by the same domain, or even a sub-domain, may reduce possible sources of forgery, but it does _not_ prevent forgery, such as the falsification of the local-part. There is a long list of deceptive tactics encompassed by forgery, where the mailbox-address is likely a small concern. Forgery and related criminal deceptions may include payloads carrying Trojans or links to deceptive web sites. Such protection is outside of DKIM. If the domain is large and depends upon the network address to authenticate users, then claims that DKIM prevents forgery would be irresponsible, even when the From mailbox- domain is restricted to being signed by the same domain. While there _may_ be value in making these types of assertions to limit sources of potential abuse, these assertions are unrelated to DKIM. DKIM provides an accountable domain that can take corrective action when there are reports of abuse, such as when there is a problem with forgery. Domain assertions for the naive user _may_ enhance their protection, but be cautious about what is actually being provided by these assertions. There are risks when creating false expectations. Even with these assertions in place and rigorous controls established by the signing domain, there are many avenues where these protection schemes are trivially bypassed through the use of deceptive headers, such as pretty names or emphasis placed upon a different header by the MUA. Displaying the accountable domain name without these assertions would be a far safer gambit. Considering anti-forgery or anti-phishing out of scope for DKIM would increase a focus upon what DKIM is actually providing. DKIM provides an accountable domain. That is enough. There are a few areas where this domain and the signing process remain exposed. If these exposures are not addressed, this may prevent DKIM from offering real value in curtailing abuse and achieving wide deployment. -Doug _______________________________________________ ietf-dkim mailing list http://dkim.org
