On Dec 24, 2005, at 4:09 PM, Douglas Otis wrote:
On Fri, 2005-12-23 at 17:27 -0500, Nathaniel Borenstein wrote:
Far from trying to "leave only one authorization method," the DKIM
effort is an attempt to show, by example, how an arbitrary number of
such methods might eventually be elaborated and standardized.
There is danger viewing any abuse control mechanism as representing a
"authorization" scheme. The control method should strive to identify
the source of abuse, and not just whether the message has been
authorized. The DKIM signature provides a fairly strong indication of
the message source, with a normal potential for abusive replay as with
any cryptographic method.
I'm sorry, the "authorization method" was an echo of the term used in
the mail I was replying to (which is why it was in quotes). I was
really trying to generalize to a whole range of technologies without
making my wording too awkward. Perhaps I should have replaced "such
methods" with "antimalware technologies" or "abuse control mechanisms."
In any event, I fully agree that the term authorization, in this
context, is both A) insufficiently generalized, and B) troublesome on
countless philosophical grounds.
Reputation remains the only solution able to abate the bulk of abuse.
The word "only" makes me cringe a bit in any discussion like this (a
global fascist state, for example, is another possible solution), but I
think most of us pretty much agree about the critical role of
reputation. I see the cycle as going like this: We need at least one
standardized, moderately-useful system for weakly authenticating the
sources of messages. Once we have that, we have the minimal data that
a reputation system will require to be able to start doing something at
least mildly useful. Once we have *that*, we will have (in our
reputation systems) a built in "market" for additional systems for
(perhaps less weakly) authenticating the desirability (not necessarily
solely due to the source) of incoming messages. To some extent,
there's a chicken-and-egg problem with authentication and reputation
technologies. My hope for DKIM is that it will give us one good enough
egg to produce a chicken, which can then (in much the manner that Cain
and Abel found their wives, I guess) facilitate a whole new generation
of authentication technology eggs.
When
reputation is applied against an "authorization" as an identifier,
innocent email-address domain owners will be seriously harmed. Abusers
will find acceptance methods for an authorization scheme.
Yes, every one of these schemes will be flawed. That is why we need to
understand A) the role of "weak authentication" (weeding out some but
not all of the bad guys at any point in time, and using multiple
sources of information to judge the desirability of a message) and B)
the need for a continually evolving set of (ever-stronger, we hope)
mechanisms for proving that a message is desirable to the recipient.
Some of those mechanisms will also involve (ever-stronger, we hope)
sender authentication, but others could eventually involve technologies
as unrelated to authentication as anonymous payment. -- Nathaniel
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf