[ietf-dkim] Collection of use cases for SSP requirements
"Patrick Peterson" <ppeterson@ironport.com> Tue, 07 November 2006 07:20 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GhLG9-00021g-Jr for ietf-dkim-archive@lists.ietf.org; Tue, 07 Nov 2006 02:20:37 -0500
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhLG5-0007d1-Vh for ietf-dkim-archive@lists.ietf.org; Tue, 07 Nov 2006 02:20:37 -0500
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id kA77IwRs027582; Mon, 6 Nov 2006 23:19:04 -0800
Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id kA77IlHY027521 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL) for <ietf-dkim@mipassoc.org>; Mon, 6 Nov 2006 23:18:48 -0800
DomainKey-Signature: s=key512; d=ironport.com; c=nofws; q=dns; b=PbqX0J706CVGq4mKoiSBr7k96hdsq1AsTN4nJmjpDxfXmpvvHQGMcD3S1XlJGyyv/KUaijNdB1vuZFCUuwJaEw==;
Received: from dooku.ironportsystems.com ([10.1.1.49]) by a50.ironport.com with ESMTP; 06 Nov 2006 23:18:32 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 06 Nov 2006 23:18:24 -0800
Message-ID: <60A9EDD76DBBFE48ABE4FE35324BBB8201B51798@dooku.ironportsystems.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Collection of use cases for SSP requirements
Thread-Index: Aca13j+DX0Qda6RaQPWHma4yNa+EBQAAl7UgAAbME5ATAxDz4A==
From: Patrick Peterson <ppeterson@ironport.com>
To: ietf-dkim@mipassoc.org
X-Songbird: Clean, Clean
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by sb7.songbird.com id kA77IlHY027521
Subject: [ietf-dkim] Collection of use cases for SSP requirements
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: -0.1 (/)
X-Scan-Signature: 1449ead51a2ff026dcb23465f5379250
3 months and 1300 mailing list posts ago, I wrote that I was going to survey some senders on SSP use cases and report results back to the list. At long last, here are the results. We reached out to a large set of senders who are either heavily phished or have very valuable online brands they want to protect. Our results are therefore highly biased toward these organizations. They send high volumes of legitimate email using heavily phished domains. They will be among the earliest enterprises to deploy with aggressive SSP policies. All of these senders understand the inherent limitations in authenticating a domain used in email (cousin domains, friendly names, lack of client support, etc). They understand DKIM is not a 'silver bullet' solution but still believe DKIM offers a technology that over time will help reduce their current problems of domain spoofing. Developing SSP is very different from developing DKIM. DKIM is a technical challenge while the challenge of SSP is primarily to determine what senders want to communicate to receivers and what receivers want to know about senders policies/practices. SSP should provide a vocabulary to senders that meets their needs and is useful to receivers -- this is the most important requirement imho. Separation of SSP Requirements from SSP is very helpful. Here is their feedback. I have also requested that they join the list and provide direct input. This is *requirements* input, not proposing a solution. And if anyone attended the recent MAAWG conference in Toronto, this is the same information I presented to ISPs. Requirement #1. More aggressive practice options Senders are concerned the current options aren't aggressive enough to cause change in how spoofed email is handled. Without such a change implementing DKIM is of little value to them. The senders want to stop domain spoofing from impacting their brand and customers. They want more aggressive policy statements that will more aggressively encourage the receiver to drop spoofed email. It may be some time before they are 100% signing and common errors that cause signature failure for their mail are eliminated but they are focused on realizing this as soon as possible. When this happens, they want to be able to request that receivers drop signature failures or unsigned email. For some, the cost of phishing is so high and some day the risk of dropping messages will be so low that their inability to state a stronger policy will impact their ability to reduce the impact of domain spoofing. Another way to state this requirement is that there is a difference between, - I sign all email, and - I sign all email, treat unsigned or invalid signature with suspicion, and, - I sign all email AND have enough confidence in the reliability of signatures AND the risk of allowing spoofed email is high enough that I choose to accept the risk and therefore state that receivers should drop unsigned/invalid signature email. Requirement #2. I send no email. Many senders have a large number of domains that are never used in email. They want to be able to state this unambiguously. To the senders I surveyed, the 'I send no email' policy is a unique case from the other cases. I asked if they wanted this in addition to the SPF/SIDF '-all' policy and they universally said yes. Requirement #3. Feedback of invalid signature/unsigned mail Senders are concerned that the #1 item that will prevent them from moving to aggressive practices is the inability to identify errors. Errors on their part (failure to implement signing, improper signing), receiver errors (noncompliant implementations of DKIM validation) or anything else that Murphy's Law says will happen. They would like a feedback mechanism to be defined that provides this feedback. Defining this mechanism does not require it to be implemented by any receiver; failing to define this mechanism makes it impossible to implement easily for anyone. (Without going too far down the solution avenue, senders felt one possible solution to receiving an excessive number of invalid/unsigned feedback emails during a large-scale spoofing attack was to state that they only wanted feedback for emails which originated from their IP space as defined by their SPF record. Not a complete solution as envelope sender not equal From: and mailing list traffic doesn't originate from their IP space, but many felt this might be a good compromise solution.) Please consider these inputs and (hopefully) look for more direct input shortly. I hope these SSP requirements are useful for the SSP Requirements doc. I am unable to attend the IETF session today but I'm sure it will be a lively discussion. I've excerpted the most relevant sections from SSP Requirements and SSP below with some edits to be more specific about possible changes. Changes prepended with >>>> http://www.dkim.org/specs/draft-ietf-dkim-ssp-requirements-02.html 4.1. Problem Scenario 1: All Mail Signed with DKIM <snip> 3. A provides information that it signs all outgoing mail, but places no expectation on whether it will arrive with an intact signature. 4. B could use this information to bias its filters such that it looks somewhat more suspicious. >>> This is great for senders that sign their email but don't have confidence of high rate of receiver validation or that aren't too concerned with domain spoofing. 4.2. Problem Scenario 2: Illegitimate Domain Name Use <snip> 3. A provides information that it signs all outgoing mail, but places an expectation that it should arrive with an intact signature, and that the receiver should be suspicious if it does not. 4. B could use this information to bias its filters such that it looks much more suspicious. >>>> A set of senders really want B to drop this email. Giving them to vocabulary to state this is their desire. ISPs are of course free to do as they see fit, but providing them with more granular information is useful. 4.3. Problem Scenario 3: Domain Sends No Mail A domain may not intend to send mail at all. In such a case, it could be advantageous for a receiver to know the domain's intent and would be likely to treat such mail very suspiciously. >>>> Option to state "drop" vs "very suspiciously" desired. 6.3. Practice and Expectation Requirements <snip> 9. Practices and Expectations MUST be presented as an information service from the signing domain to be consumed as an added factor to the receiver's local policy. In particular, a Practice or Expectation MUST NOT mandate any disposition stance on the receiver. >>>> It's possible to state a desired disposition (drop) without mandating a disposition stance. An ambiguous expectation and a binary expectation is different from an expectation and a mandate. http://www.dkim.org/specs/draft-allman-dkim-ssp-02.txt 4.2. Record Syntax <snip> p= Outbound signing practices for the entity (plain-text; OPTIONAL, default is "unknown"). Possible values are as follows: unknown The entity may sign some or all email. all All mail from the entity is signed; unsigned email MUST be considered Suspicious. The entity may send messages through agents that may modify and re-sign messages, so email signed with a Verifier Acceptable Third-Party Signature SHOULD be considered non-Suspicious. strict All mail from the entity is signed; messages lacking a valid Originator Signature MUST be considered Suspicious. The entity does not expect to send messages through agents that may modify and re-sign messages. >>>> Notch above 'Suspicious' desired NON-NORMATIVE RATIONALE: Strict practices may be used by entities which send only transactional email to individual addresses and which are willing to accept the consequence of having some mail which is re-signed appear suspicious in return for additional control over their addresses. Strict practices may also be used by entities which do not send (and therefore do not sign) any email. >>>> Strict signing not equal to 'does not sign' use case to many senders. pat _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] Collection of use cases for SSP requi… Patrick Peterson
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… Powers, Jot
- RE: [ietf-dkim] Collection of use cases for SSP r… Patrick Peterson
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… wayne
- Re: [ietf-dkim] Collection of use cases for SSP r… wayne
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Powers, Jot
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- RE: [ietf-dkim] Collection of use cases for SSP r… Bill.Oxley
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Douglas Otis
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Graham Murray
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… Wietse Venema
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- Re: [ietf-dkim] Collection of use cases for SSP r… Jeff Macdonald
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Douglas Otis
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Stephen Farrell
- Re: [ietf-dkim] Collection of use cases for SSP r… Jim Fenton
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… Jeff Macdonald
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- Re: [ietf-dkim] Collection of use cases for SSP r… Powers, Jot
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- RE: [ietf-dkim] Collection of use cases for SSP r… Bill.Oxley
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… David Sanchez
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… David Sanchez
- Re: [ietf-dkim] Collection of use cases for SSP r… Stephen Farrell
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Jim Fenton
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… wayne
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… Stephen Farrell
- [ietf-dkim] incremental vs. infrastructure adopti… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Stephen Farrell
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… wayne
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Stephen Farrell
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- Re: [ietf-dkim] incremental vs. infrastructure ad… Charles Lindsey
- Re: [ietf-dkim] Collection of use cases for SSP r… John Glube
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Arvel Hathcock
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- Re: [ietf-dkim] Collection of use cases for SSP r… Scott Kitterman
- RE: [ietf-dkim] Collection of use cases for SSP r… Hallam-Baker, Phillip
- Re: [ietf-dkim] Collection of use cases for SSP r… John Levine
- RE: [ietf-dkim] Collection of use cases for SSP r… Hallam-Baker, Phillip
- Re: [ietf-dkim] Collection of use cases for SSP r… Wietse Venema
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- Re: [ietf-dkim] Collection of use cases for SSP r… Steve Atkins
- Re: [ietf-dkim] Collection of use cases for SSP r… Michael Thomas
- Re: [ietf-dkim] Re: Collection of use cases for S… Wietse Venema
- Re: [ietf-dkim] Collection of use cases for SSP r… Wietse Venema
- [ietf-dkim] Re: Collection of use cases for SSP r… Frank Ellermann
- Re: [ietf-dkim] Collection of use cases for SSP r… Charles Lindsey
- Re: [ietf-dkim] Re: Collection of use cases for S… Charles Lindsey
- Re: [ietf-dkim] Re: Collection of use cases for S… Douglas Otis
- Re: [ietf-dkim] Re: Collection of use cases for S… Hector Santos
- Re: [ietf-dkim] Re: Collection of use cases for S… Douglas Otis
- Re: [ietf-dkim] Re: Collection of use cases for S… Stephen Farrell
- Re: [ietf-dkim] incremental vs. infrastructure ad… Dave Crocker
- Re: [ietf-dkim] incremental vs. infrastructure ad… Charles Lindsey
- rfc2821.Sender usage (was Re: [ietf-dkim] Collect… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Dave Crocker
- Re: [ietf-dkim] incremental vs. infrastructure ad… Dave Crocker
- Re: [ietf-dkim] Collection of use cases for SSP r… Hector Santos
- Re: [ietf-dkim] Collection of use cases for SSP r… Damon