Re: [ietf-dkim] Tracing SSP's paradigm change
Jim Fenton <fenton@cisco.com> Thu, 13 December 2007 07:29 UTC
Return-path: <ietf-dkim-bounces@mipassoc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J2iV8-0008NM-Kn for ietf-dkim-archive@lists.ietf.org; Thu, 13 Dec 2007 02:29:00 -0500
Received: from mail.songbird.com ([208.184.79.10]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J2iV7-0000dh-93 for ietf-dkim-archive@lists.ietf.org; Thu, 13 Dec 2007 02:28:58 -0500
Received: from mail.songbird.com (sb7.songbird.com [127.0.0.1]) by mail.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id lBD7RDd5007971; Wed, 12 Dec 2007 23:27:13 -0800
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by mail.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id lBD7R0Bs007924 for <ietf-dkim@mipassoc.org>; Wed, 12 Dec 2007 23:27:01 -0800
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 12 Dec 2007 23:27:25 -0800
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id lBD7RPFI004967; Wed, 12 Dec 2007 23:27:25 -0800
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id lBD7RK0i020314; Thu, 13 Dec 2007 07:27:25 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 23:27:20 -0800
Received: from fenton-mac.cisco.com ([10.32.251.6]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 23:27:20 -0800
Message-ID: <4760DED5.2030904@cisco.com>
Date: Wed, 12 Dec 2007 23:27:17 -0800
From: Jim Fenton <fenton@cisco.com>
User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031)
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Subject: Re: [ietf-dkim] Tracing SSP's paradigm change
References: <47549320.9000307@dcrocker.net> <475585A2.8040600@mtcc.com> <4755D0D4.4000005@dcrocker.net> <4755D4B8.8060807@cisco.com> <4755E313.6010302@dcrocker.net> <18080-SnapperMsgD8DB99B6C37BA651@[75.223.60.200]> <475608FB.6090501@mtcc.com> <4756FE2C.8030606@dcrocker.net> <47575F6C.6040809@altn.com> <475767A1.70005@dcrocker.net> <475821E4.8050104@mtcc.com> <475826F7.2020709@dcrocker.net> <47582A08.3080401@mtcc.com> <8408E670-5408-4A93-A914-F9D8A2C3AD23@blighty.com> <47583166.5080306@mtcc.com> <B4570829-1859-40B0-9C6B-D263811A73B3@blighty.com> <47585015.7010303@mtcc.com> <475C1CF7.1050904@dcrocker.net> <7355B05F-58BA-498C-9E5F-ADE68109817C@callas.org>
In-Reply-To: <7355B05F-58BA-498C-9E5F-ADE68109817C@callas.org>
X-Enigmail-Version: 0.95.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 13 Dec 2007 07:27:20.0172 (UTC) FILETIME=[989ABAC0:01C83D59]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=7930; t=1197530845; x=1198394845; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fenton@cisco.com; z=From:=20Jim=20Fenton=20<fenton@cisco.com> |Subject:=20Re=3A=20[ietf-dkim]=20Tracing=20SSP's=20paradig m=20change |Sender:=20; bh=vYlEAqnc72q7b4tn5VfOWlnemHCsG4cn/Xtf8fFZkYg=; b=oNfF75JEE+uH8v86r12btJ5KU5Hh2LgEvEEKDxYQS7y3FAUz9iC2o3KsuV BKqUfuoydDGHqa1hgLkal7A4LwQGw79LmowcjRreweM4VBoy12+you7JWTgt ruhV78px7r;
Authentication-Results: sj-dkim-4; header.From=fenton@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: DKIM WG <ietf-dkim@mipassoc.org>
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 33cc095b503da4365ce57c727e553cf1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been avoiding this thread, because it does not apply to a particular issue, but it seems to go on and on... Jon Callas wrote: > It's been hard over the last few days to keep pace with all of the > messages here, so my comments are on the basic notion that Dave > had brought up. > > I agree wholeheartedly with his basic premise, that SSP started off > being modest, and has grown into the experimental and > encompassing. I also agree that this isn't good. What is the modest SSP that everyone speaks of? The first SSP draft that I know of is draft-allman-dkim-ssp-00, dated July 9, 2005, prior to the chartering of the DKIM Working Group. It contains the "unknown", "all", and "strict" policies (although they were known as ~, -, and ! respectively), as well as a "no mail" policy. It not only checks the local-part of the email address, it has a provision that allows sender signing policy (as it was known then) to be expressed at the user level. It searches up 5 levels of hierarchy to protect against sub-sub-sub-domain attacks. It includes a reporting address and a testing flag. The only substantial thing that has been added is the handling tag. In so many ways, SSP is much more modest now than before. > > So I'm going to pull back and describe how I think we got here. > > Back in the days of DKIM-base, we started with considering what > happens with broken signatures. We also believed that it would be > not uncommon for a legitimate message to get its signature broken > in flight. > > When you consider what the receiver is supposed to do with a broken > signature, the first suggestion is, "Well, do what you did before > DKIM." This is legitimate, if unsatisfying. It is more > unsatisfying the more that signatures can be expected to land > unmolested. By "do what you did before DKIM", I gather you mean that you consider the signature not to exist. If broken signatures are treated any better than non-existing signatures, this invites attackers to attach invalid signatures to messages. > > Secondly, if you consider the senders for whom DKIM is most > valuable -- big phishing targets -- they want the illegitimate > message thrown away. > > This leads us to a nice confluence of events. The receiver has a > message it isn't sure what to do with, and the sender can offer > helpful advice. If the sender says, "I'd rather you threw away a > good message than accept a bad one," then the receiver has a hint > as to what to do with it. Don't bother trying to process it, just > junk it. This is the "handling" flag, which was just introduced in the latest draft. > > Thus is born SSP, and thus is born the "I sign everything" policy. > This is non-controversial, we all think it's great. As a receiver, > if I see a broken signature, do an SSP check and if it says "sign > all" I can now just throw the message with the broken signature > away. No, that's not what the "I sign everything" policy says at all. Since the message doesn't have a valid signature, SSP says the message is Suspicious. The verifier can use that information however it pleases. > > However, next comes an addition to that. If we assume there are > active bad guys, they'll just send their bad messages with no > signature. Consequently, we can solve this by redefining a broken > signature to include messages with no signature. It doesn't take > much of a stretch to consider no signature to be merely the most > extreme form a broken signature. This way, we end up will all > forged messages pretending to be from a signing domain to be > dropped at the receiver. Again, not dropped, unless you're talking about the handling tag. > > This is undeniably a Good Thing. I support it, myself. However, it > is also precisely the place where SSP jumped the shark. All the > further mission-creep of SSP comes from this one > seemingly-innocuous, well- meaning change. > > This *radically* changes SSP in two fundamental ways: > > (1) It changes SSP from being a protocol that governs the error > condition of an optional protocol to being a protocol that governs > *every* email received by *every* MTA. Application of SSP to only messages containing broken signatures has *never* been proposed in any SSP draft. To do so would create an incentive not to deploy DKIM: there would be the fear that application of a DKIM signature might hinder delivery of messages, because of the potential for breakage that would not exist for unsigned messages. > > (2) It changes SSP from being *guidance* that a sender gives to a > receiver to a *mandate* that the sender gives to the receiver. Again, you are confusing the practices with the handling tag, and even the handling tag isn't a mandate. > > The first one is troubling for a number of reasons. When we started > DKIM, we told the rest of the IETF that this was an optional > protocol, you didn't have to use it, and so on. We also cooed > softly at the people who worried about the increased DNS use, > arguing many ways that this wouldn't dramatically increase the > global load on DNS all that much. > > While this addition (SSP check on every message) is certainly a > Good Thing, it means that we've gone back on our word to the rest > of the IETF. I think it could be argued that that this violates the > DKIM charter, in spirit, if not in the letter. I'd like to know what part of the charter you think this violates. So, let me get this right: We allow domains to optionally publish a policy (practice) that says "I sign everything" but we don't even check that when we get something that isn't signed. How can that possibly be useful? > > The second one is much subtler. It's a principle of email sending > that the receiver can do whatever they want, no matter how stupid. > While it may be useful for the sender to offer hints and guidance > to the receiver, the sender cannot mandate. While I don't know how, > I see here the makings of an exploitable architectural flaw. It's about as non-mandatory as I can think of making, other than making it a non-normative implementation note (which of course I'll do if the WG consensus says so). Beyond that, we're in the "treat the message (hint-hint, nudge-nudge) with prejudice" realm, which is more dangerous than being more specific, as Scott Kitterman has noted about SPF. > > I think we need to take a big step back from SSP. We need to > seriously look at all policies other than the original "sign > everything" policy and discuss them thoroughly. We need to > seriously look at that one little change and discuss how it > changed, as Dave said, the very *paradigm* of SSP. I would like to know *when* it changed, and then I would have context for *how* it changed. > > I offer as a suggestion that we issue an SSP document that > describes only the basic broken-signature-only model of SSP with > only the one policy (sign-all). After that, we look at enhancements > to the model carefully. We seriously discuss whether they are > outside the charter because of the effect it has on the global > email infrastructure to turn DKIM from an opt-in protocol to a > you-must protocol. We also seriously have to look at other policies > to discuss their effectiveness along with their environmental > effects. SSP in no way turns DKIM from opt-in to you-must. Domains that don't publish SSP have their mail treated as non-Suspicious, regardless of the presence or absence of signatures, which is the most favorable category. - -Jim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHYN7VR3t0p2Nw35URAre9AJ0UPKHDid1Lzf9ejdSPxqSMvc810gCghCbV 9y2u6y3ylbEW2JJ3vFHGIks= =WnMn -----END PGP SIGNATURE----- _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] Review of DKIM Sender Signing Practic… Dave Crocker
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John Levine
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Scott Kitterman
- Re: [ietf-dkim] SSP sender expectations John Levine
- Re: [ietf-dkim] SSP sender expectations Scott Kitterman
- [ietf-dkim] Re: SSP sender expectations Frank Ellermann
- RE: [ietf-dkim] Review of DKIM Sender Signing Pra… Patrick Peterson
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- RE: [ietf-dkim] Review of DKIM Sender Signing Pra… Patrick Peterson
- RE: [ietf-dkim] SSP sender expectations Patrick Peterson
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Wietse Venema
- RE: [ietf-dkim] Review of DKIM Sender Signing Pra… J D Falk
- RE: [ietf-dkim] SSP sender expectations J D Falk
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John Levine
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Jim Fenton
- RE: [ietf-dkim] SSP sender expectations J D Falk
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Wietse Venema
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John L
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Eliot Lear
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John L
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John L
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Eric Allman
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Hector Santos
- [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Re: Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Re: Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Comments on SSP Review BASIC ISSUES Arvel Hathcock
- Re: [ietf-dkim] Comments on SSP Review BASIC ISSU… Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- RE: [ietf-dkim] Comments on SSP Review BASIC ISSU… Patrick Peterson
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Comments on SSP Review BASIC ISSU… Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… Scott Kitterman
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… John Levine
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… Scott Kitterman
- [ietf-dkim] making SSP useless in one short step Michael Thomas
- [ietf-dkim] Re: making SSP useless in one short s… Dave Crocker
- Re: [ietf-dkim] making SSP useless in one short s… John Levine
- Re: [ietf-dkim] making SSP useless in one short s… Michael Thomas
- [ietf-dkim] Re: making SSP useless in one short s… Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change John Levine
- Re: [ietf-dkim] Re: making SSP useless in one sho… Hector Santos
- [ietf-dkim] OT: apps-review (was: making SSP usel… Frank Ellermann
- Re: [ietf-dkim] Re: making SSP useless in one sho… Dave Crocker
- Re: [ietf-dkim] Re: making SSP useless in one sho… John Levine
- Re: [ietf-dkim] making SSP useless in one short s… Scott Kitterman
- Re: [ietf-dkim] Re: making SSP useless in one sho… Scott Kitterman
- Re: [ietf-dkim] Re: making SSP useless in one sho… Michael Thomas
- [ietf-dkim] Issue #1512: Re: making SSP useless i… Jim Fenton
- [ietf-dkim] Re: Issue #1512: Re: making SSP usele… Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Arvel Hathcock
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Arvel Hathcock
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… John Levine
- Re: [ietf-dkim] Re: making SSP useless in one sho… Arvel Hathcock
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Arvel Hathcock
- Re: [ietf-dkim] making SSP useless in one short s… Arvel Hathcock
- Re: [ietf-dkim] Re: making SSP useless in one sho… Arvel Hathcock
- Re: [ietf-dkim] Tracing SSP's paradigm change Arvel Hathcock
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Dave Crocker
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Arvel Hathcock
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… Scott Kitterman
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- RE: [ietf-dkim] Signal to noise ratio Bill.Oxley
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Wietse Venema
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- Re: [ietf-dkim] Tracing SSP's paradigm change Hector Santos
- Re: [ietf-dkim] Tracing SSP's paradigm change Arvel Hathcock
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Douglas Otis
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Hector Santos
- threat modeling & use cases (was RE: [ietf-dkim] … J D Falk
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Re: Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Jim Fenton
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… John L
- Re: [ietf-dkim] Re: Tracing SSP's paradigm change Scott Kitterman
- Re: threat modeling & use cases (was RE: [ietf-dk… Steve Atkins
- Re: threat modeling & use cases (was RE: [ietf-dk… Scott Kitterman
- Re: threat modeling & use cases (was RE: [ietf-dk… Steve Atkins
- Re: threat modeling & use cases (was RE: [ietf-dk… Dave Crocker
- Re: threat modeling & use cases (was RE: [ietf-dk… Hector Santos
- [ietf-dkim] Putting away the SSP Crystal Ball Patrick Peterson
- [ietf-dkim] Does nobody or everybody want SSP? Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- [ietf-dkim] Next-generation SPF cabal Patrick Peterson
- Re: [ietf-dkim] Putting away the SSP Crystal Ball Dave Crocker
- Re: [ietf-dkim] Putting away the SSP Crystal Ball Scott Kitterman
- RE: [ietf-dkim] Next-generation SPF cabal Bill.Oxley
- Re: [ietf-dkim] Next-generation SPF cabal Scott Kitterman
- Re: [ietf-dkim] Next-generation SPF cabal Hector Santos
- [ietf-dkim] "no mail" (was: Next-generation SPF c… Frank Ellermann
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Jon Callas
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Jeff Macdonald
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… John L
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Hector Santos
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Jon Callas
- RE: threat modeling & use cases (was RE: [ietf-dk… J D Falk
- Re: threat modeling & use cases (was RE: [ietf-dk… Steve Atkins
- RE: [ietf-dkim] Tracing SSP's paradigm change J D Falk
- RE: threat modeling & use cases (was RE: [ietf-dk… J D Falk
- Re: [ietf-dkim] Tracing SSP's paradigm change Mark Delany
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: threat modeling & use cases (was RE: [ietf-dk… Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Mark Delany
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Mark Delany
- Re: [ietf-dkim] Hostile to DKIM deployment Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Hostile to DKIM deployment Wietse Venema
- [ietf-dkim] Process Question Michael Thomas
- Issue 1527 - Threats (was Re: [ietf-dkim] Hostile… Dave Crocker
- Re: [ietf-dkim] Process Question Hector Santos
- Re: [ietf-dkim] Hostile to DKIM deployment Hector Santos
- Re: [ietf-dkim] Hostile to DKIM deployment Wietse Venema
- Re: [ietf-dkim] Process Question Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Hector Santos
- Re: [ietf-dkim] Hostile to DKIM deployment Hector Santos
- [ietf-dkim] ISSUE: minimal version of SSP, was Tr… John Levine
- Re: [ietf-dkim] Hostile to DKIM deployment Damon
- Re: threat modeling & use cases (was RE: [ietf-dk… Dave Crocker
- Re: [ietf-dkim] Process Question Stephen Farrell
- Re: [ietf-dkim] Hostile to DKIM deployment Wietse Venema
- Re: [ietf-dkim] Hostile to DKIM deployment Dave Crocker
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Hector Santos
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Stephen Farrell
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Dave Crocker
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Steve Atkins
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Michael Thomas
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Steve Atkins
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Dave Crocker
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… John Levine