
Re: MASS/DKIM BOF Summary



And if dkim is NOT intended for user-level?

D/
-----Original Message-----
From: Earl Hood <earl@xxxxxxxxxxxx>
Date: Fri, 05 Aug 2005 14:58:31 
To:ietf-mailsig@xxxxxxx
Subject: Re: MASS/DKIM BOF Summary


On August 5, 2005 at 01:37, Michael Thomas wrote:

> 1) Use of domain names without the knowledge or permission of the domain
>    in question; if nothing else, the misrepresentation is an attack even if
>    the intent is benign.
> 2) Damage to reputation of the domain due to receivers believing that the
>    originating domain is at fault (often times spam)
> 3) Make-work attacks due to complaints from users about supposed abuse
> 4) Retribution attacks where known users of a domain or the domain itself
>    is impugned by forgery of malicious content to innocent dupes (joe-job)
> 5) Outright fraud attempts where victims are lured to illegitimate sites
>    purporting to be a domain a user holds in trust (phishing)
> 6) Loss of confidence of domain users in legitimate mail actually sent by the
>    domain, and the resulting work for domain operators caused by the blow
>    back of false alarms

All of these are from a domain-centric perspective, and exclude the
author/sender perspective, formally known as Originating Address (OA)
in the DKIM SSP draft.

If DKIM is intended to deal with things at a user-level, then
user-level considerations must be addressed, especially spoofing
(which can also have an effect on domains).

--ewh


 /d

--
Dave Crocker
Brandenburg InternetWorking
dcrocker a t
www.bbiw.net
+1.408.246.8253