Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review

Dave CROCKER <dhc@dcrocker.net> Wed, 27 May 2009 16:34 UTC

Amir Herzberg wrote:
> Nothing much new, just an attempt to provide a
> fair-yet-critical survey, hopefully to help clarify this important 
> subject. Comments will be most welcome. Abstract below.
> 
> Amir Herzberg
> 
> Title: DNS-based Email Sender Authentication Mechanisms: a Critical Review


Perhaps I misunderstand the paper, but it appears to be asserting that DKIM 
validates the From: field.

> DKIM allows authentication of multiple
> email header fields, including the sender identity displayed to the recipient; in
> that regard, it is similar to SIDF

Since DKIM does nothing of the kind, that seems a rather fundamental point of 
departure for evaluating the paper.

DKIM authenticates the signing domain, and it ensures data integrity for the 
covered header fields and body, from the place of signing to the place of 
verification.  But it does not authenticate any of the message contents, such as 
the sender identity.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
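
The distinction drawn in the message above, as an added example that is not part of the original post or of any DKIM implementation: it reads the `d=` and `h=` tags of a DKIM-Signature and compares the signing domain with the From: domain. The sample message, its domains and the `describe` and `parse_tags` helpers are constructed for illustration, and no cryptographic verification is performed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread); bh=/b= are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.example.net;
 s=sel2009; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@bank.example.com>
To: bob@example.org
Subject: quarterly statement
Date: Wed, 27 May 2009 09:36:09 -0700

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Header folding may leave whitespace inside values; drop it.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def describe(raw):
    """Report what a DKIM signature on this message would and would not assert."""
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"])
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    signer = tags["d"].lower()
    return {
        "signing_domain": signer,          # the identity DKIM authenticates
        "from_domain": from_domain,        # content, not authenticated by DKIM
        "from_integrity_covered": "from" in signed,  # unchanged since signing
        "from_matches_signer": from_domain == signer,
    }

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(f"{key}: {value}")
```

Here From: is listed in `h=`, so its bytes are integrity-protected from signer to verifier, yet the only authenticated identity is `lists.example.net`; a receiver that wants to tie the displayed sender to the signer has to make the `from_matches_signer` comparison itself.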