IETF Logo Mail Archive

Re: [ietf-dkim] A more fundamental SSP axiom

Michael Thomas <mike@mtcc.com> Thu, 03 August 2006 19:13 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G8icy-0002zY-SV for ietf-dkim-archive@lists.ietf.org; Thu, 03 Aug 2006 15:13:04 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G8icx-0000uc-Ba for ietf-dkim-archive@lists.ietf.org; Thu, 03 Aug 2006 15:13:04 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k73JBDLY030589; Thu, 3 Aug 2006 12:11:14 -0700
Received: from fasolt.mtcc.com (adsl-216-102-208-10.dsl.snfc21.pacbell.net [216.102.208.10]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k73JB30M030554 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-dkim@mipassoc.org>; Thu, 3 Aug 2006 12:11:04 -0700
DKIM-Signature: v=0.4; a=rsa-sha256; q=dns/txt; l=3302; t=1154632230; x=11 55496230; c=relaxed/simple; s=dicks.drop.kirkwood; h=Content-Type:From:Subj ect:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z= From:=20Michael=20Thomas=20<mike@mtcc.com>|Subject:=20Re=3A=20[ietf-dkim]=2 0A=20more=20fundamental=20SSP=20axiom|Sender:=20|To:=20John=20L=20<johnl@ie cc.com>|Cc:=20DKIM=20List=20<ietf-dkim@mipassoc.org>|Content-Transfer-Encod ing:=207bit|MIME-Version:=201.0|Content-Type:=20text/plain=3B=20charset=3DI SO-8859-1=3B=20format=3Dflowe d; bh=H2Aioz7VgVuPDLTl7mD+GlOQviibKBvDWIfG9b4fwtY=; b=R9SDa1GD7XlE9k31Z3VoGvPaSTyAtpQ6ixl5DmIrgoaildgtLkwX5YYYl7SQdLrsAmlEmrCj DkK8fl44cBcNPDiMDtgbbqOgwcJPPeaUvbNm0mWGDdfCV7sZqkaOX10i;
DKIM-Signature: a=rsa-sha1; q=dns; l=3302; t=1154632230; x=1155496230; c=r elaxed/simple; s=dicks.drop.kirkwood; h=Content-Type:From:Subject:Content-T ransfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:Michael= 20Thomas=20<mike@mtcc.com>|Subject:Re=3A=20[ietf-dkim]=20A=20more=20fundame ntal=20SSP=20axiom|Sender:|To:John=20L=20<johnl@iecc.com>|Cc:DKIM=20List=20 <ietf-dkim@mipassoc.org>|Content-Transfer-Encoding:7bit|MIME-Version:1.0|Co ntent-Type:text/plain=3B=20charset=3DISO-8859-1=3B=20format=3Dflowe d; X=v=3Dcisco.com=3B=20h=3DTHgzsy76Cqx29/einu/PnNiEwmM=3D; b=jsEgEJ6MNPmZ0wvyFWcpG3AIsQ+lPX679HaEHQ2QFXZVlm0BxtDAF9CEnUqCk0PROZoS9p8c 9C4lUm4bmuUGeCT684ueaQETicdADwMa/qI6N9JQaRH3gbbtGnTmQUa7;
Received: from [171.71.97.63] (dhcp-171-71-97-63.cisco.com [171.71.97.63]) (authenticated bits=0) by fasolt.mtcc.com (8.13.6/8.13.1) with ESMTP id k73JATsp021364 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 3 Aug 2006 12:10:30 -0700
Message-ID: <44D24A20.6050109@mtcc.com>
Date: Thu, 03 Aug 2006 12:10:24 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Thunderbird/0.8 Mnenhy/0.7.2.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: John L <johnl@iecc.com>
Subject: Re: [ietf-dkim] A more fundamental SSP axiom
References: <20060802002353.U59653@simone.iecc.com> <44D0E259.7040400@mtcc.com> <20060802165510.X1168@simone.iecc.com> <44D160BD.7080209@mtcc.com> <20060802223619.E86316@simone.iecc.com>
In-Reply-To: <20060802223619.E86316@simone.iecc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Authentication-Results: fasolt.mtcc.com; header.From=mike@mtcc.com; dkim=pass ( sig from mtcc.com/dicks.drop.kirkwood verified; ); header.From=mike@mtcc.com; dkim=pass ( sig from mtcc.com/dicks.drop.kirkwood verified; );
X-XIPE-SCORES: dispose=pass; ACD=1.00; CLAM=0.00; COMPLY=0.00; URL=0.00; SA=0.00; HONEY=0.00;
X-Songbird: Clean, Clean
Cc: DKIM List <ietf-dkim@mipassoc.org>
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac

John L wrote:

>> Please don't shoot the messanger: I'm just asking.
>
>
> I hadn't intended to shoot, sorry if it came across that way.  You're 
> right, people find all sorts of other uses for successful protocols, 
> but those uses tend to be "pull", repurpose info already used for 
> something else rather than "push", stick in the data and see if anyone 
> cares.  The way we're trying to define SSP is really risky since we 
> have, as far as I can tell, no operational experience at all with 
> anything SSP-like so we're just guessing about what will be useful.
>
> It seems to me that so far we have two, maybe three, items that a 
> sender could publish that would plausibly be useful to a recipient 
> trying to decide what to do with an incoming message that isn't 
> self-signed.
>
> "I send no mail" is about the strongest possible hint that the message 
> is forged, and the recipient doesn't want it.
>
> "I sign all mail" is the next strongest hint, saying to me that the 
> sender believes it has its outgoing mail firmly enough under control 
> that an unsigned message is more likely to be a phish than a damaged 
> real message.


As I've said before, there are really two different subclasses of this one.
You can have your mail very well under control, but you don't have
control over what the damage might be in transit. For some people
like banks and phishing targets, that collateral damage is likely to be
acceptable. For most everybody else it's not.

So I guess it just intrinsically bugs me that the former is a pretty 
rarified
class  of sender, and is SSP really _only_ for them? (leaving I send
no mail aside).  Is there little or no value in knowing that you sign
everything, but transit related damage is possible?

>
> The third is "<foo> signs all my mail", if it turns out that there 
> actually exist foo's that reliable enough to delegate's one's signing, 
> and that it's easier to do that than to sign in the MUA or to provide 
> signing keys so that foo can put on the sender's signature.


This is sort of orthogonal to the previous: it's just saying _who_ is doing
it, so the previous considerations of "I sign all mail" still appy.

>
> So my suggestion would be to use a format similar to the one we use 
> for the signatures, put the first two items in the spec, and use a 
> syntax that permits people to experiment with new items and propose 
> the useful ones for later standardization.
>
I'm mostly on the keep it simple side as well -- I'm mainly pushing on these
things to get issue out in the open so they can be considered and likely 
closed.

I have seen some pushback on "standardize later" tact, but I think 
you're right
that this isn't the same as, say, dkim-base where we're not very likely 
to get an
opportunity for version 2.0. But it shouldn't hurt to just add
stuff to the policy record -- possibly non-standard experimental stuff 
-- and
if it's useful and relevant, users of the protocol will almost certainly 
have an
incentive to upgrade their software to take advantage of it. This is in 
stark
contrast to the -base upgrade problem where the signer has no clue of the
capabilities of the receiver, so backward compatibility is huge concern.

       Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email