ietf-dkim

Re: [ietf-dkim] Re: SSP and Sender header field

2005-10-26 20:30:09
On October 26, 2005 at 21:51, Frank Ellermann wrote:

>> a signer can bind to Sender, From, Resent-Sender, etc.
>
> IMHO it's impossible to improve PRA, and PRA isn't good enough.
> Impossible from a DKIM POV (= independent of SMTP Mail From),
> and ignoring all "solutions" based on worldwide upgrades.

I'm not asking about "improving" PRA.  What I am asking about is the
signer explicitly states what OA field the signature binds to.

>> Mailing lists that change the Sender can bind its signature
>> to it, independent of what is in the From and avoiding any
>> restrictions on From's SSP.
>
> Okay.  I'd say that lists _changing_ 2822 header fields are
> at best utterly dubious, and that DKIM shouldn't waste too much
> time with broken list software.  Why not simply promise to sign
> the List-ID in the SSP of the list ?

Yes, the List-Id would be a better choice for mailing lists.

> If you're talking about lists with their own SSP.  But I don't
> see how that could help if a bad actor claims to be a list, and
> to send mail "from" ebay.  Somehow the SSP of ebay must be able
> to say "lie" no matter what the phisher-disguised-as-list does.

Yep, and something I pointed out on ietf-mailsig a while back when
commenting on the first DKIM drafts.  I.e. DKIM has this problem if SSP
enables 3rd-party signing.  Many users may enable 3rd-party signing,
especially if they utilize a 3rd-party mailer to send out messages;
the From will be of one domain while the Sender will be of another.

If binding to any OA is allowed, it provides more information to
MTAs when deciding on the trustworthiness of a message.  For example,
if a signature binds to From, and the sig verifies (crypto and SSP),
the MTA has a good indication the message is from whom it says it is
from (domain-wise).

If the sig binds to Sender and verifies, the MTA may still have some
doubt (unless the Sender domain matches the From domain).  In this
case, more checks may be done on the message before determining
its disposition.

Any verification results inserted by the MTA must be clear on what
OA header field a signature verifies against.

Specifying the OA header field a sig binds to may address Resent-*
scenarios.

IMHO, if robust anti-spoofing is desired, MUA support is needed.
MUAs have much greater capabilities of displaying verification results
to the end-user versus anything an MTA can do.

Having SSP be From-centric limits its capabilities and provides a
false sense of security wrt anti-spoofing and limits the usability
of DKIM by some entities.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
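
Added example, not part of the original message or of any DKIM implementation: a sketch of the receiver-side decision the message describes, where the result records which OA header field the signature was bound to. The "bound field" input is the idea proposed in the thread, not a tag DKIM defines; `evaluate_binding`, its parameters, the verdict names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# OA header fields named in the thread; matched case-insensitively.
OA_FIELDS = {"from", "sender", "resent-from", "resent-sender"}

def domain_of(msg, field):
    """Lowercased domain of the first address in `field`, or None."""
    addr = parseaddr(msg.get(field, ""))[1]
    _, at, dom = addr.rpartition("@")
    return dom.lower() if at and dom else None

def evaluate_binding(raw, signing_domain, bound_field, verified):
    """Classify a signature by the OA field it binds to.

    signing_domain, bound_field and verified (crypto and SSP both passed)
    are assumed to come from the verifier; all names here are hypothetical.
    """
    msg = message_from_string(raw)
    out = {"bound_field": bound_field, "signing_domain": signing_domain.lower()}
    if bound_field.lower() not in OA_FIELDS:
        return {**out, "verdict": "fail", "reason": "not an OA field"}
    if len(msg.get_all(bound_field, [])) != 1:
        return {**out, "verdict": "fail", "reason": "bound field missing or repeated"}
    if not verified:
        return {**out, "verdict": "fail", "reason": "signature did not verify"}
    bound = domain_of(msg, bound_field)
    if bound != out["signing_domain"]:
        return {**out, "verdict": "fail", "reason": "signer is not the bound field's domain"}
    if bound == domain_of(msg, "From"):
        return {**out, "verdict": "author-verified", "reason": "bound domain matches From"}
    # Verified, but only for a non-author field: further checks are warranted.
    return {**out, "verdict": "needs-more-checks", "reason": "bound domain differs from From"}

# Constructed sample: a list rewrote Sender but left From alone.
LIST_MAIL = (
    "From: Alice <alice@example.com>\r\n"
    "Sender: dev-bounces@lists.example.org\r\n"
    "Subject: hello\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    for dom, field in [("example.com", "From"), ("lists.example.org", "Sender"),
                       ("lists.example.org", "From")]:
        r = evaluate_binding(LIST_MAIL, dom, field, True)
        print(f"{r['verdict']}: bound to {r['bound_field']} ({r['reason']})")
```
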