On Oct 24, 2005, at 1:29 PM, william(at)elan.net wrote:
Is the latest charter going to be published soon?
Am I correct in reading the latest SSP draft that:
1. It changes the originator entirely to From and now instead of
using
Sender header field value (as per RFC2822) to decide cases of
multiple
From addresses, the first one in From header field is used?
This also changes an attack scenario into perhaps creating a non-
displayed or confusing initial From email-address such as "The office
of". The next step for SSP could be to rule out the use of the From
header with multiple email addresses. After all, this draft already
disallows typical emails being signed by a provider. Why were these
changes not discussed? The desire to keep the signing entity visible
makes S/MIME or OpenPGP seem less disruptive and safer from that
perspective. Why replicate that effort?
2. It changes the meaning of 3rd party to be entity other then who
is listed in From who sends or resends the message and adds Sender
header field?
It is worse than that, providers are not allowed to sign typical
emails without creating a fair amount of support calls. I thought we
were past this mistake.
2.9 Verifier Acceptable Third Party Signature
...
,---
| Verifiers SHOULD NOT accept signatures from identities
| that have no known relationship with the message other than their
| appearance in the "DKIM-Signature" header.
'___
This overlooks perhaps stelar conduct by the "third-party" signer.
The photo-kiosk at Wally World may not be able to send grandma the
two dollar gif photo of the kids on the Moose ride after-all, even
after signing the message and adding the Sender header. The photo-
kiosk has no control over From policies or what is white-listed by
the recipient. This lowers delivery integrity for messages within a
large segment of the industry, where name-based reputation and
listing would have provided significant value.
SSP seems determined only the From and perhaps the Sender headers
matter. The From header may have a minor relationship with who is
introducing the message and no relationship with who is signing the
message. If "phishing" were solved as a special case for a small
number of troubled domains, would DKIM protecting the email message
transport system rather than a particular header then make sense? If
the effort is to ensure the signing entity is visible, an interim
"special case" with a dedicated service for DKIM could be
established, otherwise OpenPGP or S/MIME might be better used instead.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org