ietf-dkim

Re: [ietf-dkim] Re: DKIM and mailing lists

2006-01-19 13:43:56
On January 18, 2006 at 10:20, Douglas Otis wrote:

> Modifying the message is already a common practice by list-servers
> and resigning a modified message may not overcome restrictions
> imposed by a From email-address policy.

I wonder if there are any legal ramifications of modifying messages.
It is common for list software to modify messages, but one could
consider this a violation of copyright law.  If DKIM gets deployed,
legal ramifications may become more probable.

> In the dkim-options draft, rather than restricting an email-address,
> the goal was to identify unique sources and highlight recognized
> correspondents.  This included the ability to assert a signing role
> such as mediator, as in the case of a list-server.  Adding a signing
> role avoids difficulties in classifying the nature of the source and
> may squelch conflict notifications.

Would specifying which field a signature is asserting a role against
be sufficient?  For example, an originating domain may assert against
the originating header fields From, Sender, and/or Reply-To.  A mailing
list could assert against the List-ID and possibly any other List-*
header fields.

Note, this does not preclude a signer from including any header field
in the signature.  The role assertion only designates which header
fields it is applying a role to.  This way, a mailing list can add
a signature w/o interfering with any SSP of an originator.

Taking the way SSP is defined now, it only needs to be examined
wrt the From field if a signature asserts a role against it.  I.e.
Assertions against a known originating field (as defined in RFC-2822)
warrant an SSP check.  This will allow domains to apply DKIM signatures
on messages without worrying if the domain associated with the
originating address disallows third-party signatures since such signatures
contain no assertion against an originating header field.

Note, this does not address your [Doug] overall concerns about SSP,
but only the security problems of allowing third-party signatures as
SSP is currently defined.

--ewh

_______________________________________________
ietf-dkim mailing list
http://dkim.org
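
An added illustration of the role-assertion idea in the message above (not code from the thread or from any DKIM draft): a verifier classifies each signature by the header fields it asserts a role against and consults SSP only when an originating field is asserted. The `asserts` list is a hypothetical stand-in for the proposed role assertion, not a real DKIM tag, and counting an assertion only when the field is also signed is an assumption.

```python
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr

ORIGINATING = {"from", "sender", "reply-to"}  # fields named in the message above

@dataclass
class Sig:
    domain: str                 # signing domain (d=)
    signed: list                # header fields covered by the signature (h=)
    asserts: list = field(default_factory=list)  # HYPOTHETICAL role-assertion list

def role(sig):
    """Classify one signature by the fields it asserts a role against."""
    # Assumption: an assertion only counts if the field is also signed.
    asserted = {h.lower() for h in sig.asserts} & {h.lower() for h in sig.signed}
    if asserted & ORIGINATING:
        return "originator"
    if any(h.startswith("list-") for h in asserted):
        return "mediator"
    return "none"

def ssp_check_warranted(sigs):
    """SSP is consulted only if some signature asserts an originating role."""
    return any(role(s) == "originator" for s in sigs)

def third_party_originators(msg, sigs):
    """Signing domains asserting an originating role that differ from the From domain."""
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return [s.domain for s in sigs
            if role(s) == "originator" and s.domain.lower() != author]

# Constructed sample: a list post that also carries the list server's signature.
SAMPLE = message_from_string(
    "From: Alice <alice@example.com>\n"
    "List-ID: <discuss.lists.example.net>\n"
    "Subject: [discuss] hello\n\nbody\n")
AUTHOR_SIG = Sig("example.com", ["From", "Subject"], ["From"])
LIST_SIG = Sig("lists.example.net", ["From", "List-ID", "Subject"], ["List-ID"])
RELAY_SIG = Sig("relay.example.org", ["From", "Subject"], ["From"])

if __name__ == "__main__":
    for s in (AUTHOR_SIG, LIST_SIG, RELAY_SIG):
        print(s.domain, role(s))
    print(ssp_check_warranted([LIST_SIG]),
          third_party_originators(SAMPLE, [AUTHOR_SIG, LIST_SIG, RELAY_SIG]))
```

The list server's signature covers From in its hash yet asserts only List-ID, so on its own it triggers no SSP lookup; the relay's assertion against From is the case an originator's policy on third-party signatures would govern.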