ietf-822

Re: [ietf-822] one can re-sign without a permission to re-sign header

2014-05-02 07:48:29
On Thu 01/May/2014 21:54:49 +0200 John Levine wrote:

Perhaps it's time for a more concrete proposal to be written down.

It occurred to me that there's a very simple way to do this:

http://datatracker.ietf.org/doc/draft-levine-may-forward/

Nice one, John!  However, the Security Considerations call for a major
addition, IMHO.  In what cases would a signer add an mf=, weak signature?

*Always* introduces a real security risk, unless all assessors are
modified so as to check the sender is a valid mailing list.  I think
many sites accept DKIM signatures as authentication, so putting a
negligible mf=y on a blank signature creates an attack vector for
phishing.  Of course, domains like PayPal.com will never produce such
signatures.  If Yahoo! do them, however, they'll lose whatever they
gained by letting p=reject.

*ML only* puts the burden of determining whether an entity is a
mailing list on the signer, rather than leaving it to the assessor.
Sites who trust their users have an advantage here; Yahoo! remains in
a questionable position.

Wouldn't it be more direct, albeit more demanding, to propose a
standard for mailing lists?  Such a document would also tell how to
discover them, and how to subscribe, and...

Ale

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822