ietf-822

Re: Signed headers in email (was Re: Draft for signed headers)

1999-03-26 13:13:58
>> To be very blunt:
>>
>> (1) If I want to sign headers, I'll use multipart/signed of message/rfc822.
>
> Fine. You can do that, but it is no solution for some news applications.

Then develop a solution that is tailored to those news applications,
but don't pretend that it is for use by end-users.  If you try to 
solve both problems at once you may end up making it too difficult.

>> (3) If I want to sign SMTP envelope information, I'll use
>>    multipart/signed and RFC 2442 with a private agreement for the
>>    transport address/protocol to the recipient MTA.  The
>>    alternative hop-by-hop STARTTLS might provide less security, but is
>>    better than none and is deploying well.
>
> Agreed. My proposal says nothing about envelopes.

strictly speaking, about half of the Usenet message header *is* an envelope.
(i.e. it's intended for use by the news transport system)
that's part of why the needs of Usenet are different than those of email.

(usenet's placement of envelope information in headers vs. email's
separation of headers and envelope, is the source of a lot of the 
problems associated with integrating usenet and email.  which is 
not to say that usenet did it wrong, but that the models are different
and to a large degree, incompatible.)

>> (4) Any attempt at a canonicalization algorithm for mail header signing is
>>    doomed to failure from the outset.  It will be ambiguous, too complex,
>>    or inadequate.
>
> And that is a matter you decide by examining the proposals and finding
> holes in them. Not by asserting ex cathedra that no solution exists. I
> have proposed a canonicalization algorithm which may or may not work. It
> should be examined, discussed, and improved.

people who have done this before in the context of email understand
why canonicalization is difficult.  the problems are similar enough that
people who haven't done this before should respect the experience of those
who have.  that doesn't inherently mean that new proposals cannot be 
examined, but neither can you demand that other people consider them.  
one of the things that experience teaches you is how to tell when you're 
getting near a rathole.


>> (B) If signed headers in email are attempted, I suspect the IESG will kill
>>    the proposal so I don't have to expend energy fighting it.
>
> If the usenet-format people submit a proposal to the IESG, I doubt IESG
> is going to kill it just because it _might_ get used in mail as well. 

If the usenet-format people submit any kind of signature proposal to IESG,
IESG is going to want (a) strong justification for why it should be approved
and (b) absent very good reasons why this is a lot better than s/mime or 
openpgp for general purpose uses, an applicability statement which says 
what signed headers are good for and what they're not good for.


Keith
