John R Levine wrote:
> DKIM lets anyone sign any message, with no necessary connection between
> the signing domain and the domain in any other header such as From: or
> Sender:. By third-party signatures we mean signatures that don't match
> the From: or don't match the Sender:, or don't match something else.
> The semantics as well as definition of third party signatures are, to put
> it mildly, somewhat unclear. Some thought or actual experiments with such
> signatures could be helpful.

I think the above characterization has the issue reversed, or worse.

From the DKIM base specification:

   1.1 Overview

   DomainKeys Identified Mail (DKIM) defines a mechanism by which email
   messages can be cryptographically signed, permitting a signing domain
   to claim responsibility for the introduction of a message into the
   mail stream. Message recipients can verify the signature by querying

and

   1.2 Signing Identity

   DKIM separates the question of the identity of the signer of the
   message from the purported author of the message. In particular, a
   signature includes the identity of the signer. Verifiers can use the
   signing information to decide how they want to process the message.

   INFORMATIVE RATIONALE: The signing address associated with a DKIM
   signature is not required to match a particular header field
   because of the broad methods of interpretation by recipient mail
   systems, including MUAs.

First, this makes the semantics of the signature anything but ambiguous, or at
least it focuses any ambiguity on the word "responsible" rather than on the
choice of identity.

Second, it explicitly decouples the responsible identity from any other identity
in the message.

To repeat: the semantics of a DKIM signature are actually quite clear and
precise. I'll even go so far as to suggest that a receive-side filtering engine
has utterly no concern with whether the signature identity matches the From
identity's domain.

Although many folks expect a coupling to exist with the From domain reference,
that is a *value-added* matter for DKIM, rather than an issue with the basic
mechanism.

Yes, the sender signing practices document considers the topic, but that
document has received little serious review. So we should be a bit cautious
about characterizing the issue in a particular way.

For example, all of this concern about having the signing identity and
rfc2822.From identity be different mostly asserts that there is a problem,
without explaining its nature very clearly or substantiating the validity of the
problem.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
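
Added example, not part of the original message or of any DKIM implementation: a receive-side sketch that reads the signer identity (d=, i=) from each DKIM-Signature header and reports how it relates to the From: domain, as a separate comparison layered on top of the signature. The sample message, domains, selector and function names are constructed for illustration, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the author is at example.org, the signature was
# applied by a list operator at lists.example.net (bh=/b= are placeholders).
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.example.net;
 s=sel2024; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice Author <alice@example.org>
To: asrg@lists.example.net
Subject: constructed sample

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            # Split on the first "=" only: base64 values may end in "=".
            name, _, val = part.partition("=")
            tags[name.strip()] = val.strip()
    return tags

def signer_vs_author(raw):
    """Return one record per signature: who signed, and how that domain
    relates to the From: domain. The relation is extra information for a
    policy layer; it does not change what the signature itself asserts."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    records = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        signer = tags.get("d", "").lower()
        records.append({
            "signer": signer,                           # responsible domain
            "identity": tags.get("i", "@" + signer),    # i= defaults to @d
            "author": author,
            "relation": "author-domain" if signer == author else "third-party",
        })
    return records

if __name__ == "__main__":
    for rec in signer_vs_author(SAMPLE):
        print(rec)
```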