Re: [ietf-dkim] Not exactly not a threat analysis
2005-08-23 15:13:43
Keith Moore wrote:
Part of the idea that DKIM seems to propose is that more than one
party can potentially sign a message. For instance, an author
might sign a message, or a list might sign the same message. But
different parties mean different things when they sign the message.
If the author signs a message, it means "I wrote this". If a list
signs a message, it means "I sent this".
But DKIM never gives an assertion of authorship (use PGP or S/MIME
for that). Even if there is a valid signature that is associated
with the origination address, it means "the supposed author's domain
authorized this message".
...which is so vague as to be essentially useless.
If the signature is not vouching for the authenticity of the content,
and it's not vouching for transmission of the message to any particular
recipient, what good is it?
Depends on what you mean by "authenticity". Does the DKIM signature on
this message mean that Jim Fenton wrote it? No. Does it mean that the
content is authentically from my domain? Yes.
What good is it? You could apply a whitelist, or eventually a
reputation or accreditation service to tell you more about the domain
that this message came from.
What standard should a domain require before "authorizing" a message?
That it's suitable for any recipient who might somehow find it in his
mailbox? (I doubt it)
That's up to the domain. They might do sender authentication and just
sign if they were assured that the sender is actually someone in their
domain (and probably someone they could actually track down). They
might require that senders post a bond before they get there messages
signed. They might do an outgoing SpamAssassin check and only sign
messages that look good. There are lots of possibilities, and this is
intentionally beyond the scope of the DKIM specifications.
Should a domain penalize itself by refusing to "authorize" any message
that might, somehow, end up in the mailbox of someone who didn't want
to receive it (and thus subject such messages to filtering even though
they were sent for a legitimate purpose)? Or should a domain penalize
itself by "authorizing" all mail that it actually intended to send or
resend - even though that may harm its reputation? (For an
organization that sends lots of mail, change "may" to "will".)
Or should an enterprise have multiple domain names, and choose which
one to use as a signer based on the perceived risk to its reputation
associated with having it escape into the wild?
These are all possibilities.
This goes to what we have been very generically calling first-party
and third-party signatures. The original submission of a message
would normally result in a first-party signature from the supposed
author's domain. A mailing list would apply a third-party signature,
which can be distinguished by the fact that i= does not match the
originator's address.
There are lots of reasons why i= might not match the originator's
address, even if the originator actually authored the message.
Such as? Clearly the signer can populate i= in any way it likes (and
has a key that enables it to), but why wouldn't it sign the message on
behalf of the OA at origination?
There are other circumstances where third-party signatures would be
applied as well, but I can't think of why it would be significant
whether the third-party signer is a mailing list, some other
resender, or a greeting card or something.
When evaluating a signature, I think the recipient generally cares
about one of two things: who wrote the message and who sent the
message to his mailbox. The first tells him whether the message is
authentic; the second tells him who to blame for sending him a message
that he didn't want to receive. In the second case, I don't think it
matters too much whether the signer is a mailing list or some other
kind of resender - except that in the case of a mailing list it might
not be feasible for the list to sign "I sent this message to X" for
each recipient X.
I think we have different views of what "authentic" means in this context.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-dkim] Not exactly not a threat analysis, (continued)
- [ietf-dkim] Is accountability binary?, domainkeys-feedbackbase02
- Re: [ietf-dkim] Is accountability binary?, John Levine
- Re: [ietf-dkim] Not exactly not a threat analysis, Jim Fenton
- Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
- Re: [ietf-dkim] Not exactly not a threat analysis,
Jim Fenton <=
- [ietf-dkim] accountability, resenders, and replay, Tony Finch
- [ietf-dkim] Re: accountability, resenders, and replay, Jim Fenton
- [ietf-dkim] Re: accountability, resenders, and replay, Keith Moore
- Re: [ietf-dkim] Re: accountability, resenders, and replay, John Levine
- Re: [ietf-dkim] Re: accountability, resenders, and replay, Keith Moore
- Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
- Re: [ietf-dkim] Not exactly not a threat analysis, Jim Fenton
- Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker
- Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
- Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker
|
|
|