On 22/04/2014 11:15, Alessandro Vesely wrote:
On Tue 22/Apr/2014 04:58:21 +0200 Ned Freed wrote:
On Sat, Apr 19, 2014 at 09:05:23AM -0400, Michael Richardson wrote:
There are mailing lists that want to "fix" broken messages, yes, but
if we need to provide end-to-end assurance that the message really
came from the originator, disallowing this behavior so that things
like S/MIME and PGP signatures don't get broken might be an
engineering tradeoff that we might have to make.
That's possible, but then you run into other problems. Take the issue
of adding a disclaimer. You can certainly do this without damaging
the S/MIME signature by converting a MIME structure of:
    multipart/signed
        text/html
        application/signature-whatever
to:
    multipart/mixed
        multipart/signed
            text/html
            application/signature-whatever
        text/plain - disclaimer
But then you have to take into account how this gets displayed, and what
it means when it is displayed.
That alters the content-type and the very beginning of the message body.
The result may be more difficult to display/interpret than a signed
attachment.
For a related trifle, no PGP or S/MIME signatures could have pointed out
that I altered a few bits in the text quoted above, attributed to Ned.
Did I thus break authentication, non-repudiation, or integrity?
I know people think I'm wrong, but I think it needs to be looked at a
different way. As a recipient, I don't want 'proof' that this message
came from Alessandro, I want 'proof' that it came from the
ietf-822(_at_)ietf(_dot_)org mailing list.
I have chosen to trust that mailing list. What I don't want is to
receive messages pretending to be from that mailing list, but not really
coming from it.
Then, because I trust that mailing list, I trust that it has done what
it can to be sure that messages which claim to come from Alessandro
really did.
So, I see the mailing list as being the 'final' recipient of the message
from Alessandro. Then, the mailing list sent a new message to me,
containing (to a reasonable degree) the content of the message which
Alessandro sent. I did NOT receive the message from Alessandro, I
received the 'essence' of that message, in a new message from the
mailing list. The mailing list is not simply a forwarder/redistribution
list, it is an entity in its own right, which receives and sends
messages. (If you want, you could get the mailing list to include the
original message as an attachment, so signatures etc can be validated in
that).
Once you think of it in that way, then the problems become a lot fewer,
IMHO. I don't really see how it can work any other way, without
castrating the mailing list system so it just becomes a dumb
distribution system.
-
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822
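An added illustration, not part of any message in this thread: the multipart/mixed wrapping described above, done on raw bytes so that the entity covered by the signature can be hashed before and after. The addresses, boundary strings, the application/pkcs7-signature type and the signature blob are constructed placeholders, and no real signature is verified.

```python
import hashlib
from email import message_from_bytes

# Constructed sample message; the signature body is a placeholder, not real CMS data.
ORIGINAL = (
    b"From: alice@example.org\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/signed; boundary="sig"; micalg=sha-256;\r\n'
    b' protocol="application/pkcs7-signature"\r\n'
    b"\r\n"
    b"--sig\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<p>Hello</p>\r\n"
    b"--sig\r\n"
    b"Content-Type: application/pkcs7-signature\r\n"
    b"\r\n"
    b"PLACEHOLDER-SIGNATURE\r\n"
    b"--sig--\r\n"
)

def wrap_with_disclaimer(raw, disclaimer, boundary=b"list-wrap"):
    """Nest the whole original entity, byte for byte, inside multipart/mixed."""
    head, body = raw.split(b"\r\n\r\n", 1)
    outer, inner, dest = [], [], None
    for line in head.split(b"\r\n"):
        if line[:1] not in (b" ", b"\t"):  # folded lines stay with their header
            dest = inner if line.lower().startswith(b"content-") else outer
        dest.append(line)
    outer.append(b'Content-Type: multipart/mixed; boundary="' + boundary + b'"')
    delim = b"--" + boundary
    return b"\r\n".join(outer + [b"", delim] + inner + [b"", body.rstrip(b"\r\n"),
        delim, b"Content-Type: text/plain; charset=utf-8", b"",
        disclaimer.encode(), delim + b"--", b""])

def structure(raw):
    """Content types in the order a mail client would walk them."""
    return [p.get_content_type() for p in message_from_bytes(raw).walk()]

def signed_digest(raw):
    """SHA-256 of the exact bytes the signature covers (first part of multipart/signed)."""
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() == "multipart/signed":
            delim = b"--" + part.get_boundary().encode()
            start = raw.index(delim + b"\r\n") + len(delim) + 2
            return hashlib.sha256(raw[start:raw.index(b"\r\n" + delim, start)]).hexdigest()
    return None

WRAPPED = wrap_with_disclaimer(ORIGINAL, "Posted via a constructed example list.")
```

The digest of the signed part is identical in `ORIGINAL` and `WRAPPED`, while `structure()` shows the top-level type changing from multipart/signed to multipart/mixed, which is the display question raised in the thread.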