Re: [ietf-dkim] draft-fenton-dkim-threats-00

Thu, 06 Oct 2005 17:26:07 -0700

Dave Crocker wrote:
DKIM is extremely helpful for this scenario because the negative reputation that you have assigned to my identity (errr... domain) can now be reliably and accurately applied.
You could not do that so safely in the past.
The threat analysis characterizes the bad acts as the spoofing of email addresses. 
I absolutely agree that DKIM is helpful in allowing you to reliably apply a reputation that you maintain.  This is discussed in the second paragraph of section 1 of the threat analysis.  I am simply saying that DKIM doesn't say anything about how the reputation is maintained and applied.

Different issue.
Yes I certainly agree with you statement about reputation.
In fact, I think DKIM documents should simply and directly say something like:  DKIM validates the use of an identity.  A validated identity has a number of uses, including as the referential basis for developing a reputation information service.  However identity validation is merely input to the creation of such a service, rather than having any reputation-related semantics of its own.
That is fairly close to the second paragraph of section 1, although your version doesn't discuss locally maintained whitelists (arguably not a reputation information service) nor accreditation services, both of which also benefit from DKIM.  My version doesn't re-emphasize that it is input to such a service, as your last sentence does.

Well, maybe that wasn't as simple as it could be...

In any event, I was commenting on the cited statement, which the threats document does focus on.

My point is that this obnoxious Dave Crocker that you do not want to receive mail from qualifies as a Bad Actor, but no spoofing is involved.
True, but I have been saying that this is a class of Bad Actor that DKIM does not address.  I am beginning to see that it should say something about supporting other mechanisms against these bad actors, even though it doesn't itself solve the non-spoofing obnoxious sender (NSOS?) problem.

-Jim

_______________________________________________
ietf-dkim mailing list
http://dkim.org

Reply via email to