Re: DKIM
Keith Moore <moore@cs.utk.edu> Fri, 26 August 2005 16:37 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8hCd-0003PC-PM; Fri, 26 Aug 2005 12:37:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8hCb-0003P0-16 for ietf@megatron.ietf.org; Fri, 26 Aug 2005 12:37:13 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA00748 for <ietf@ietf.org>; Fri, 26 Aug 2005 12:37:10 -0400 (EDT)
Received: from ka.cs.utk.edu ([160.36.56.221]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E8hDM-0004c0-2V for ietf@ietf.org; Fri, 26 Aug 2005 12:38:00 -0400
Received: from localhost (ka [127.0.0.1]) by ka.cs.utk.edu (Postfix) with ESMTP id 5A68623550; Fri, 26 Aug 2005 12:37:11 -0400 (EDT)
Received: from ka.cs.utk.edu ([127.0.0.1]) by localhost (ka [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26612-08; Fri, 26 Aug 2005 12:37:09 -0400 (EDT)
Received: from [192.168.0.4] (user-119b1dm.biz.mindspring.com [66.149.133.182]) by ka.cs.utk.edu (Postfix) with ESMTP id 2982E2353B; Fri, 26 Aug 2005 12:37:09 -0400 (EDT)
Message-ID: <430F4524.80705@cs.utk.edu>
Date: Fri, 26 Aug 2005 12:36:52 -0400
From: Keith Moore <moore@cs.utk.edu>
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
References: <198A730C2044DE4A96749D13E167AD375A2AB6@MOU1WNEXMB04.vcorp.ad.vrsn.com>
In-Reply-To: <198A730C2044DE4A96749D13E167AD375A2AB6@MOU1WNEXMB04.vcorp.ad.vrsn.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new with ClamAV and SpamAssasin at cs.utk.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
Subject: Re: DKIM
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
>>Not clear. As currently envisioned, DKIM doesn't address phishing >>because it basically says "I saw this message" rather than "I >>wrote this >>message". > > > I don't see a problem with that, XML signature does not have any > signature semantics at all. Different application, different use cases. > Signature semantics are a function of the PKI, not the application. No. If the protocol doesn't say what is meant by signing a message, or even restrict the circumstances in which a message can be signed, then very little can be assumed about a signature even if it appears to be valid. PKI can have an effect on semantics, but the semantics don't have to be determined entirely by the PKI. > I see the big problem with blacklists as being their total refusal to > accept accountability to email senders. That's partially because either they have no way to be sure of what they're asserting, or they have to constrain themselves to making assertions which might be verifiable but aren't good indicators of anything. If we want reputation servers to work better, we have to provide them with data that are both useful and verifiable. > Its all about accountability. I don't see how we can have accountability of reputation servers without giving them reliable data which can be audited. We could penalize them for providing false negative indications but that alone would make them ineffective against all but the worst offenders. Everyone would get away with spamming a little bit, and everyone's mailbox would still be flooded - just with more sources of spam than we have now, and with spam that's harder to filter out with heuristics than at present. > I think that the problem is the common one of thinking that the way to > get a group to act quickly is to specify the smallest possible charter, > even if this means that the job is only half finished. ...and even if that means the problem is not understood. > I think it would be much better to accept that email authentication is > going to be a longer job. > > Instead of proposing a twelve month charter with minimal deliverables I > think that the group should have a longer charter, two or three years > would be more realistic. Long charters don't seem to work well. I'd prefer a charter with the first deliverable is that the group should produce a detailed description of what it takes to solve the problem and a convincing explanation of why it will work. At the rate IETF moves, that will take at least a year. Once that milestone is completed the group could have its charter extended to do the protocol work. But the protocol work is the easy part. > What I don't think is acceptable is a group saying that they are not > going to address a part of a problem because 'we do not understand it' I agree, but it's even worse for a group to try to address a problem that it doesn't understand, or for a group to make a part of the problem that it doesn't understand a necessary component of a solution. Keith _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- (no subject) Tiziana Cascioli
- (no subject) Peter Dawson
- (no subject) Sidney Antommarchi
- (no subject) RK
- (no subject) Manuel La Rosa
- (no subject) wkuo
- (no subject) Rami Zolberg
- Mochamad Iwan Zainuri
- Re: (no subject) space
- (no subject) Manuel La Rosa
- (no subject) Dorian1474
- (no subject) Helen Williams
- (no subject) Neelima Kalidindi
- (no subject) Thomas Chen
- (no subject) Benny Liang
- (no subject) lrzhang
- (no subject) DQuade2502
- (no subject) Ali Boudani
- (no subject) DonNiall
- (no subject) DESKTOPFRiENDS143
- (no subject) FreeOnlineStripr
- Re: [Enum] (no subject) Jim Fleming
- Re: [Enum] (no subject) Jim Fleming
- Re: [Enum] (no subject) Jim Fleming
- (no subject) Sob
- [¯f¬rĵ§i](no subject) clamav
- Re: [¯f¬rĵ§i](no subject) Valdis.Kletnieks
- (no subject) Anjan Biswas
- (no subject) deva
- (no subject) Hallam-Baker, Phillip
- Re: DKIM Keith Moore
- (no subject) rawad Melhem
- Re: (no subject) Dave Aronson
- (no subject) Kevin Comer (on boxes)
- (no subject) D. JEULAND
- (no subject) Carlos De Sousa
- Re: (no subject) Andre Correa
- (no subject) David J. Hite
- (no subject) rena mcleod
- (no subject) David J. Hite
- (no subject) Stephen32