Earl Hood wrote:
On October 13, 2005 at 16:24, Jim Fenton wrote:
I've brought up the issue of signer roles, but it appears
to have been rejected or gained no traction.
An attacker can easily add headers to assert that they're a mailing list
(albeit one you haven't heard of), resender, etc. and sign them. I
don't think there is any way to prove what the signer role is.
There is no way to prove that a signing domain, and what it signs,
can be trusted (the reason trust systems must exist). So how is
specifying the role any different from what else is signed?
If there is an OA signature, there's one less degree of freedom and I
have a better assurance that the message actually came from the domain
of the From address. For other signatures, it doesn't really matter
what the role of the signer is: anyone can be a "mailing list" if they
want to. So it isn't so much that specifying the role is different from
anything else that is signed, it is that the role must be irrelevant to
any decisions I make about handling the message since a signer-attacker
can assume any role they want.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org