On Tue, 2006-09-12 at 06:58 -0700, Michael Thomas wrote: > Wietse Venema wrote: > > > What was the advantage of SSP with look-alike domains? > > To find large unproductive ratholes?
What is more important? While DKIM base and any policy alone will not successfully combat phishing (if at all), this does not mean the WG should not consider what is required to combat this threat, if only to support an effective layered approach. > Neither DKIM or SSP claim to have any direct effect on look-alike > domain names, and there's nothing in our charter that says that we'll > be doing anything about that ever. The charter does not rule out the WG from considering what elements might be provided by DKIM to thwart this threat. One simple assurance is already provided in the i= semantics that the email-address is valid. This is the first step along this road. Hopefully this road does not lead to a rathole. It should not. It must not. > DKIM/SSP are two pieces for a much larger set of things that need to > come together to combat phishing including software layered on top of > thse base authentication mechanisms, user base training/human > factors, and law enforcement -- most of which will not have any IETF > involvement at all. There are elements where the IETF can be most instrumental in providing standardized strategies for dealing with this serious risk. The last Cisco sponsored Email Authentication Summit demonstrated effective layered solutions. There was even a discussion regarding what Cisco was doing internally with DKIM. > No amount of hand-wringing here is likely to tell us how this will > ultimately play out. This does require hand-wringing in how this effort can be ultimately administered effectively and what is needed for coordinated progress. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
