IETF Logo Mail Archive

Re: [ietf-dkim] A more fundamental SSP axiom

"Hector Santos" <hsantos@santronics.com> Fri, 04 August 2006 22:36 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G98HL-0004Js-Tx for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 18:36:27 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G98HK-0001eC-Ep for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 18:36:27 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k74MZocR000336; Fri, 4 Aug 2006 15:35:50 -0700
Received: from winserver.com (catinthebox.net [208.247.131.9]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k74MZWZe032762 for <ietf-dkim@mipassoc.org>; Fri, 4 Aug 2006 15:35:32 -0700
Received: by winserver.com (Wildcat! SMTP Router v6.1.451.8) for ietf-dkim@mipassoc.org; Fri, 04 Aug 2006 18:37:33 -0400
Received: from hdev1 ([72.144.136.116]) by winserver.com (Wildcat! SMTP v6.1.451.8) with ESMTP id 1484837375; Fri, 04 Aug 2006 18:37:32 -0400
Message-ID: <018301c6b816$162ae8e0$0201a8c0@hdev1>
From: Hector Santos <hsantos@santronics.com>
To: Damon <deepvoice@gmail.com>
References: <20060802002353.U59653@simone.iecc.com> <20060804114527.Y27352@simone.iecc.com> <44D37376.4020408@mtcc.com> <20060804132203.Y49810@simone.iecc.com> <EAF17954-74A3-4374-A059-B31A1414B350@mail-abuse.org> <62146370608041122t779d200h1b29a659ac8ad612@mail.gmail.com> <44D3B49D.9090800@mtcc.com> <62146370608041406i74f707ffgf708bafe87784d97@mail.gmail.com> <44D3BB65.20702@mtcc.com> <016201c6b811$0532d4d0$0201a8c0@hdev1> <62146370608041508m1a4064eeg4bc6732ad1ed94bf@mail.gmail.com>
Subject: Re: [ietf-dkim] A more fundamental SSP axiom
Date: Fri, 04 Aug 2006 18:29:49 -0400
Organization: Santronics Software, Inc.
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Songbird: Clean, Clean
Cc: DKIM List <ietf-dkim@mipassoc.org>
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 10d3e4e3c32e363f129e380e644649be

----- Original Message -----
From: "Damon" <deepvoice@gmail.com>
To: "Hector Santos" <hsantos@santronics.com>


>>  4.7.  DSAP Tag: t=y
>>
>>   The t=y tag is optional.  If defined, the domain is currently testing
>>   DKIM.  Verifiers SHOULD NOT treat testers any different from
>>   production mode signers.  It SHOULD NOT be used as a way to bypass a
>>   failed signature classification policies.  However, verifiers SHOULD
>>   track testers for over extended usage of test signatures and MAY
>>   consider using the results to provide feedback to the domain.
>>
>> And other words, the testing flag will not be tolerated as well.
>>
>
> Whew Hector,
>
>  I see what you are getting at but... have any idea how many domains I
> am currently tracking for reputation?! How long would I have to keep
> that data?
> The bots would cause me to get google size boxes alone.
> Reminds me of the time I suggested a "auto-expiring" DNS tag. That
> went over like a lead balloon.
>
>  Is there another way you could do this?

Well, the whole idea for testing is a migration concept, which implies, a
system exposes an attribute that  they are "testing" should be a time
limited operation.

The idea of saying "Look buddy, pardon my mistakes but I am testing so
please don't reject my errors"  is inherently risky to allow indefinitely.

I suggest a time limit concept for implementations as I suggested the same
with SPF to modify the Migration write up to include a default expiration
concept for migration.  I left it open ended but cited examples of 3, 6
months.  This would be for verifiers to implement.  But you wanted to
document this for senders to understand that there is a LIMIT on testing.
See example below:

Back in MARID, I suggested how one could develop a business model on
reporting by charging systems to obtain feedback and I said this
facetiously, because if someone wants a report, they will have to pay for
any overhead involved.   The bad side is that this may be a cat's meow for
the Direct Marketing industry.  They will love to get as much feedback as
they get can. So they might pay a few pennies or whatever to get reports.

Example where Testing is abused:

Check out Microsoft's Callerid record - it is still under testing after two
years!!! <g>

V:\rfc\dkim>nslookup -query=txt _ep.microsoft.com

Non-authoritative answer:
_ep.microsoft.com       text =

    "<ep xmlns='http://ms.net/1' testing='true'><out><m>"
      "<mx/><a>213.199.128.160</a><a>213.199.128.145</a>
       <a>207.46.71.29</a>
       <a>194.121.59.20</a>
       <a>157.60.216.10</a><a>131.107.3.116</a>
       <a>131.107.3.117</a>
       <a>131.107.3.100</a>"
       "</m></out></ep>"

I guess some engineer at MS forgot to remove it. :-)

But this is what I am talking about where a testing flag should not be
tolerated.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com








_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email