Re: [ietf-dkim] Re: DKIM and mailing lists

On Jan 19, 2006, at 12:19 PM, Earl Hood wrote:

> On January 18, 2006 at 10:20, Douglas Otis wrote:
>
> > Modifying the message is already a common practice by list-servers  
> > and resigning a modified message may not overcome restrictions  
> > imposed by a From email-address policy.
> I wonder if there are any legal ramification of modifying messages.  
> It is common for list software to modify messages, but one could  
> consider this a violation of copyright law.  If DKIM gets deployed,  
> legal ramifcations may become more probable.
On the contrary, if not obfuscating the signature causes harm when  
used to abuse the reputation of the list participant, then perhaps  
that would provide a basis to claim damages.  Of course a list can  
issue any AUP they desire, but the general design should be safe.   
Not obfuscating the signature is not safe.

> > In the dkim-options draft, rather than restricting an email- 
> > address, the goal was to identify unique sources and highlight  
> > recognized correspondents.  This included the ability to assert a  
> > signing role such as mediator, as in the case of a list-server.   
> > Adding a signing role avoids difficulties in classifying the  
> > nature of the source and may squelch conflict notifications.
> Would specifying which field a signature is asserting a role  
> against be sufficient?
Not as DKIM is currently specified.  The single character "binding  
and role" assertion in the dkim-options draft can be added to the  
signature and would be upwardly compatible with the current scheme.   
The role could even impose which headers are allowed to be associated  
with the signature, as suggested.

> Note, this does not preclude a signer from including any header  
> field in the signature.  The role assertion only designates which  
> header fields it is applying a role to. This way, a mailing list  
> can add a signature w/o interfering with any SSP of an originator.
On the contrary, SSP interferes with the normal use of the From  
header. : (

> Taking the way SSP is defined now, it only needs to be examined wrt  
> the From field if a signature asserts a role against it.  I.e.  
> Assertions against a known originating field (as defined in  
> RFC-2822) warrant an SSP check.  This will allow domains to apply  
> DKIM signatures on messages without worrying if the domain  
> associated with the originating address disallows third-party  
> signatures since such signatures contain no assertion against an  
> originating header field.
I am not sure I understand this statement.  The SSP needs to be  
checked when the signature does not conform to the domain found in  
the From header email-address, perhaps just the first or all.  (Not  
just when there is no signature as some have suggested.)  Those who  
are hoping what _may_ be visible to the recipient is being checked  
will not want conformance based upon any other header.  Of course,  
what is visible remains within the control of the sender, social  
engineering is a practiced art, and where native languages are being  
used, any protection offered by this scheme remains highly dubious.   
I am sure any phishers listening were delighted by the suggestion  
conformance could be signaled to the recipient.  : o

> Note, this does not address your [Doug] overall concerns about SSP,  
> but only the security problems of allowing third-party signatures  
> as SSP is currently defined.
If a commerce site felt better about publishing a SSP record of  
'o=!', there is no underlying problem with that concept, except it is  
really painful to find this policy amongst millions of other domains  
that still want to use list-servers, e-invites, etc.  Most domains  
make exceptions for large domains because of the constant background  
of abuse coming from their servers.  When DKIM becomes a basis for  
acceptance, that background noise will be amplified a billion fold by  
a replay strategy.  It is also nonsense to suggest that list-servers  
should be held to a higher standard than most large domains.
Jim just suggested that some protection can be achieved using an open- 
ended policy that excludes unsigned messages.  Beyond the issue where  
messages are modified by a list-server and treated as unsigned,  
signed messages may then quickly become the next spam-validating  
commodity.
Not to be critical, but too many decisions have been made from the  
perspective of being a big domain.  For them, recipients want to  
quickly identify these domains to white-list them so they are not  
disrupted by a block-list.  It is like the driver that throws away  
their rear-view mirror because they are the fastest thing on the  
road.  For all those smaller domains, the concerns are much  
different.  What happens when bigdomain.com increases the ratings for  
messages with an email-address policy?  The email-address is then  
assessed for abuse, regardless whether the policy is open-ended or  
not.  Heck, different types of policies are not a problem that  
bigdomain.com ever sees.
-Doug



_______________________________________________
ietf-dkim mailing list
http://dkim.org