Sabahattin Gucukoglu wrote:
On 15 Apr 2014, at 23:20, Pete Resnick
<presnick(_at_)qti(_dot_)qualcomm(_dot_)com> wrote:
That suffers the same problems as X-O-A-R: you have to know when to trust the
intermediate. In the absence of that knowledge, any message transformation is
invisible to the recipient, and potentially malicious. You would have to
invent a scheme for identifying transformations, so users could verify them
against the original sender's signature.
DMARC has put *ALL* the trust into the From: field. That is very unfortunate,
but it seems to be the DMARC peoples' idea of a foolproof, user-visible
identifier.
First off, with xoar, you don't have to trust the intermediary. If one
removes DMARC's alignment mechanism - you can validate that a message
originated from a yahoo address by dint of the crypto signature - as
long as you don't modify any of the fields that get signed. Now if you
want to allow modification of the subject field (e.g., adding a tag)
and/or the body (e.g., adding header and footer) - then you might have
to be a little cleverer, perhaps by providing information about the
diffs in extra headers and doing a few comparisons at the receiving end
(subject tag = *****<original-signed-subject>).
It's worth noting that way back in 1999, the folks who designed HTTP 1.1
designed an authentication scheme that works through proxies. They took
the time to actually acknowledge mechanisms that were in use (i.e.,
caching proxies) and design mechanisms that could work in concert with
them (and yes, in some cases the proxies have to do new things). Those
involved in DMARC, seemingly, did not take the same care to respect the
infrastructure.
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra