IETF Logo Mail Archive

Re: [ietf-dkim] A more fundamental SSP axiom

Michael Thomas <mike@mtcc.com> Fri, 04 August 2006 23:08 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G98m7-0003Y2-GH for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 19:08:15 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G98m5-0004Zr-Mp for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 19:08:15 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k74MtcPe002918; Fri, 4 Aug 2006 15:55:39 -0700
Received: from fasolt.mtcc.com (adsl-216-102-208-10.dsl.snfc21.pacbell.net [216.102.208.10]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k74MtS9e002870 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-dkim@mipassoc.org>; Fri, 4 Aug 2006 15:55:28 -0700
DKIM-Signature: v=0.4; a=rsa-sha256; q=dns/txt; l=1217; t=1154732098; x=11 55596098; c=relaxed/simple; s=dicks.drop.kirkwood; h=Content-Type:From:Subj ect:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z= From:=20Michael=20Thomas=20<mike@mtcc.com>|Subject:=20Re=3A=20[ietf-dkim]=2 0A=20more=20fundamental=20SSP=20axiom|Sender:=20|To:=20John=20L=20<johnl@ie cc.com>|Cc:=20=20ietf-dkim@mipassoc.org|Content-Transfer-Encoding:=207bit|M IME-Version:=201.0|Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B= 20format=3Dflowe d; bh=tX6OJbOOIVBABl6NrdpJuVoYSnppGNntIo9Rmns80Do=; b=jkDZvHq+nohRSLyl2vxtbm/2oi2nMZ/BeKwmhFRjxQ5koC1UOcXmyGaXA5742nExWFBwNfPb xnUSnVFDg7Rgosbwd6QAe2u4lfOuFVrTxYgZDaBUh2U21FAogjHZ5zIG;
DKIM-Signature: a=rsa-sha1; q=dns; l=1217; t=1154732098; x=1155596098; c=r elaxed/simple; s=dicks.drop.kirkwood; h=Content-Type:From:Subject:Content-T ransfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:Michael= 20Thomas=20<mike@mtcc.com>|Subject:Re=3A=20[ietf-dkim]=20A=20more=20fundame ntal=20SSP=20axiom|Sender:|To:John=20L=20<johnl@iecc.com>|Cc:=20ietf-dkim@m ipassoc.org|Content-Transfer-Encoding:7bit|MIME-Version:1.0|Content-Type:te xt/plain=3B=20charset=3DISO-8859-1=3B=20format=3Dflowe d; X=v=3Dcisco.com=3B=20h=3DTHgzsy76Cqx29/einu/PnNiEwmM=3D; b=DkLgEePyH97oc+uVetMQrYO7XkuXR2JlBJvM+pfwNeX7xZqF8hlmeF7yp7kvPNacUCe3dti3 D6AzugLPao/F3BsVzHTcsZTQM3hCGjRuQYSB0xjCjBSmb39zqjHiG7sc;
Received: from [192.168.0.102] (sj-natpool-220.cisco.com [128.107.248.220]) (authenticated bits=0) by fasolt.mtcc.com (8.13.6/8.13.1) with ESMTP id k74Msuh9011888 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 4 Aug 2006 15:54:58 -0700
Message-ID: <44D3D03B.3060102@mtcc.com>
Date: Fri, 04 Aug 2006 15:54:51 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Thunderbird/0.8 Mnenhy/0.7.2.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: John L <johnl@iecc.com>
Subject: Re: [ietf-dkim] A more fundamental SSP axiom
References: <20060804173538.54245.qmail@simone.iecc.com> <44D3C0BB.9000405@mtcc.com> <20060804174955.N15734@simone.iecc.com> <44D3C8DB.4070101@mtcc.com> <20060804184321.L23892@simone.iecc.com>
In-Reply-To: <20060804184321.L23892@simone.iecc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Authentication-Results: fasolt.mtcc.com; header.From=mike@mtcc.com; dkim=pass ( sig from mtcc.com/dicks.drop.kirkwood verified; ); header.From=mike@mtcc.com; dkim=pass ( sig from mtcc.com/dicks.drop.kirkwood verified; );
X-XIPE-SCORES: dispose=pass; ACD=1.00; CLAM=0.00; COMPLY=0.00; URL=0.00; SA=0.00; HONEY=0.00;
X-Songbird: Clean, Clean
Cc: ietf-dkim@mipassoc.org
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464

John L wrote:

>> I cannot see how SSP can do anything but make false positives more 
>> likely. The real question is whether the gain in eliminating harmful 
>> mail is worth the occassional false positive. So if what you are 
>> saying is true, law firms would be literally nuts to turn SSP "I sign 
>> everything" on, and so I'm surprised to hear that you think they should.
>
>
> At the moment, I agree with you.  Considering the value of the 
> messages, I'm surprised we don't see more fake mail saying that a case 
> has been dismissed or a hearing postponed.  If that happened, the 
> answer might be different.

Ah, that sounds a *lot* more like they want whitelists than SSP. In any 
case, if
that became prevalent you wouldn't want the defaultish disposition of "I 
sign
everything" to be reject. There would  be far too high a risk for a 
false positive
if what you're saying is true. The best you could hope for is to hope 
all of your
whitelisted domains get through mostly unscathed and then slavishly go 
through
the potentially spoofed ones, mostly likely with wetware. This is, of 
course, a
hard problem and DKIM is only likely to go so far as to help it.

       Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email