RE: Replay attacks and ISP business models
> > If we think it's spam, it's a replay attack, if we think it's
> > good mail it's a mailing list.
>
> Not quite, a mailing list can re-sign the message if it is DKIM capable.
Sure, but now we're perilously close to saying that all mailing lists have
to upgrade or the DKIM replay detector will whack them, which strikes me
as a total non-starter. That tells me that a replay detector won't be
useful because of all the false positives.
> I think that we need to look at the problem naked DKIM solves as being
> an adjunct to a spam filtering mechanism that is adaptive. This is a
> major culture shock for the security area since we usually try to design
> systems that are complete and address every anticipated attack.
>
> This is not what people who are in the spam control business are looking
> for, they already have systems that solve 90% of spam problems and they
> want to add authentication because it shuts down many of the tactics
> used in the remaining 10%.
Sounds about right to me.
R's,
John