ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] Re: dkim service

2005-10-13 12:51:52
from [Hallam-Baker, Phillip] [Permanent Link] 
I think that the realistic goal here is that it should be possible for a list 
to be configured to allow a message to survive.
 
I would expect the few lists where authenticity is a big deal (e.g. full 
disclosure) to do this.
 
It would also be useful to give some guidelines to mailing lists that are going 
to mangle messages of ways in which they can do this without causing grief.
 
The key point about a mailing list is that the user subscribes to it. So an 
email client that is aware of what it is doing can in theory make the right 
choice here.
 
Example
 
Alice 
    signs message
    sends to the Mangle Mailing List
Mangle:
    converts the HTML message into plaintext 
    [optional removes Alice's signature]
    adds the RFC ???? Mailing list headers
    adds a DKIM signature
Carol, Doug, etc mail servers:
    looks at the last signature to be applied first, sees that it verifies
    notes that the signature includes the mailing list headers
    notes that Carol Doug etc have subscribed to this list
    concludes that the message is likely authentic despite being out of 
compliance with SSP 
 
Compared to what is being done today this is a cakewalk. This is a completely 
objective process with no need for AI complete processing.
 
 
If Alice was doing Secure Letterhead then her logotype icon should NOT be 
displayed in this case (signature invalid)
 
But a logotype icon for the list could be displayed.
 

________________________________

From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org on behalf of John Levine
Sent: Thu 13/10/2005 2:58 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Cc: leiba(_at_)watson(_dot_)ibm(_dot_)com
Subject: Re: [ietf-dkim] Re: dkim service




3. If it decides that it should pass, the mailing list should LEAVE the
existing signature (that part is not universally agreed on, of course,


Since the signature won't verify any more, I don't see the point.
There have been some proposals to standardize a header that a verifier
could add to say that it found a good signature, and the outgoing
signer could sign that, but I'm not sure that's any more useful in
practice.  How much list mail do you get where there's a question
about whether the nominal sender really sent a message?  Again, in my
experience it's rare enough that we are reduced to citing individual
spoofed messages.


The mailing list may, of course, choose to re-sign the message even if
it does not mangle it, which is all the more reason to leave the
original (still-valid) signature there.


If the list happens to do little enough to the messages that the
signature still passes, that's fine.  I just want to make sure that
surviving lists is a non-goal, because it's a hopeless swamp.

R's,
John



_______________________________________________
ietf-dkim mailing list
http://dkim.org




_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: New DKIM threat analysis draft, Douglas Otis
Next by Date:  Re: [ietf-dkim] Re: dkim service, Ned Freed
Previous by Thread:  [ietf-dkim] Structure of the threat analysis..., Stephen Farrell
Next by Thread:  RE: [ietf-dkim] Re: dkim service, John R Levine
Indexes:  [Date] [Thread] [Top] [All Lists]