On Mon, 17 Oct 2005, Jim Fenton wrote:
Is that the same as saying that for purposes of forgery protection (rather
then establishing "some" identity for reputation/accreditation by means of
the signature) DKIM focuses only on the "From" header field?
[Yes I understand its not 100% only from in case of multiple addresses]
Yes, although I'm reluctant to use the term "forgery" because it means
different things to different people. We are not providing a signature
from the author him/herself, so it could be argued that we aren't
providing forgery protection at all.
Ok, lets call it protection of identity spoofing by unauthorized parties
then (I'm pretty sure even when I said forgery people on this technical
list knew exactly what I mean).
[text from reply reordered]
The people we're trying to help are the ones who won't can't do that
additional setting to make Sender visible. And I'm not satisfied with
helping 50% of the clients.
Lets suppose for a moment that email client change and we have another
visible header field that close to 100% can see and that also needs
to be protected or lets say we have another header field that some,
including signer (but not all) want to be protected.
Since you've made DKIM signature and SSP specific to particular identity,
that would prevent from being able to use the signature to provide
anti-spoofing protection for that new field and require working out
new mechanism....
Also let me remember of of SPF which in 2004 had scope mechanism (format
otherwise looked very much like what we see now), but then it was dropped
because only one particular identity was thought to have majority support
(based on that particular mail list constituency) to be protected but
after the deployment we see real need of scoping and know it was a mistake
because the same SPF syntax is quite usable for protecting other identities.
So, unless you have real big problem with being just slightly more verbose,
please specify by additional tag that for anti-spoofing, you're focusing
on "from". If there is support to introduce anti-spoofing protect for
another field, it would then be easy and not cause any potential conflicts
with existing installed base.
In that case I'd expect that you should try to make sure the signature
from original sender (ok - from person listed in From) survives cases
of mail lists and instead I hear some people on this list saying that
we should not even try.
This is a difficult question, because anything we do to accommodate mailing
lists introduces new vulnerabilities. Anything that accommodates the
addition of ads by mailing lists (since some are advertising-supported) also
accommodates the addition of undesirable content to messages, unless you
know exactly who the "good" mailing lists are.
While in process of making a reply I've decided that it would be best to
move it into separate message and subject. See my next message.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org