Re: [ietf-dkim] Re: DKIM and mailing lists
2006-01-23 18:38:50
On Jan 23, 2006, at 1:51 PM, Frank Ellermann wrote:
Douglas Otis wrote:
The proposal for the 'w=?' parameter is to identity three roles.
The MSA, mediator, and MDA.
An MSA probably knows what it is, also if it delegates the signing
to an additional "mailout" MTA. I'm not sure about mediator vs.
MDA, do they always know what they are ? Is that an important
difference in your SSP-alternative ?
Just as the 's=' and 'i=' need to be established, consistent with
various rules, so would the 'w=' as a means to indicate both what
role the signature represents, but also what elements within the
message have been verified.
And do you really mean MDA, not maybe MRN ?
The MDA signature role could encompasses any receiving MTA within the
receiving AdmD. I am not sure if that is the same as the MRN.
If DKIM-aware MRNs wish to reject mails based on DKIM-checks they
can't check at the MDA, they've to do it at their border (= MXs).
Exactly. The term MDA signature could read "a signature only
suitable for the MDA". The MDA signature provides a secure means to
both overlay incoming signatures with a verification result and yet
ensure the message is not spoofed by an injection into the receiving
AdmD. The MDA signature could not be used to stage a replay attack,
as only an MDA within the domain of the MDA signature would accept
the message. Any abuse in that case would be within the control of
the receiving AdmD and should not impact the reputation of the
sending MTA.
The MDA is intended to provide a non-deliverable signature
Shaky. I understand only very small pieces of your w-model, if at
all, but IIRC that part was about protection against replay attacks
abusing the signature of the sender.
The MDA signature would be an optional method to protect messages,
when incoming signatures are overlaid with the result of the
verification. The overlay protects against any recipient within the
receiving domain from using the message to stage a replay attack.
This keeps the receiving domain off the DKIM-Abuse-list. Adding the
MDA signature at the edge of the AdmD where the overlay should occur,
protects the message as it travels to the MDA.
In other words the sender has to trust that the receiver gets this
protection at his MDA (or before it) right.
When the sender finds that their messages are being replayed (perhaps
a bad actor has gained access within the sending domain), when the
receiving domain fails to protect the signature from this type of
abuse, the sender may choose not to sign messages for that
destination, or perhaps someday not send messages to that
destination. The signature overlay strategy allows holding the
domain accountable, rather than dispersing accountability to each
email-address when signatures are not overlaid. Such dispersion of
accountability at the email-address would create an impossible
situation to manage.
there are more mediators than just list-servers.
Good, bad, and ugly (the latter for "canonicalization") list
servers, the "bad" cases also cover gateways. Then forwarders, for
DKIM they are all good, more or less the opposite situation as with
SPF, where lists are all good.
What other mediators do you have in mind ? The moderator of an
article submitted to more than one moderated group could be a
special case, and at the moment I can't say how that works. But in
essence they only add "Approved" until either all moderators
approved it, and the last injects it into NetNews, or one of them
rejects it.
A mediator would be those MTAs offering a service where the message
is not directly from the author identified by the From. Such
messages are subjected to modifications or the inclusion of
modifications or content beyond the direct control of the author,
while still using the same From header. This could include gateways,
but may include other types of services. In the case where incoming
messages routinely have their signatures overlaid, even simple
forwarding where only the RCPT TO: header is being changed should
fall within this category. Depending upon the level of
implementation of the forwarding agent, the signature may retain the
role of MSA, or be altered to accurately indicate the role of the
mediator. This uncertainty of roles should not cause any problems
for the recipient, as they specifically establish this arrangement.
It would be helpful to retain original signature headers where only
the 'b=' parameter is overlaid with the verification results.
Stripping these signature headers could inadvertently remove valuable
information. When resending these messages by an mediator, the most
recent MSA header should be retained as overlaid. Any sending of a
message should remove the MDA signatures. When sending, an MSA
should remove any mediator signatures. When receiving, the MDA
signature should retain the most recent mediator and MSA signatures
as overlaid.
Caught in my outbound: Of course, forwarders supporting PRA try
their magic with Sender or Resent-* header fields. That could be
also "bad". Why am I not surprised, sigh...
That too would be an example of a mediator. Assume that the
recipient uses source identifiers (which may be the From address:MSA
signature) to recognize and highlight a previous correspondent.
Assume that messages from list-servers (From address:mediator
signature) should not raise a conflict, but rather are treated as a
difference class of message sources. Each role can be highlighted
differently and registered separately, or simply ignored as less
important. I'll refrain from creating a table of happy faces with
different color schemes. : )
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [ietf-dkim] WEAK (was: DKIM and mailing lists), (continued)
- Re: [ietf-dkim] Re: DKIM and mailing lists, Miles libbey
- Re: [ietf-dkim] Re: DKIM and mailing lists, Dave Crocker
- Re: [ietf-dkim] Re: DKIM and mailing lists, Stephen Farrell
- Re: [ietf-dkim] Re: DKIM and mailing lists, Dave Crocker
- Re: [ietf-dkim] Re: DKIM and mailing lists, Douglas Otis
- [ietf-dkim] Re: DKIM and mailing lists, Frank Ellermann
- Re: [ietf-dkim] Re: DKIM and mailing lists,
Douglas Otis <=
- [ietf-dkim] terminology (was: DKIM and mailing lists), Frank Ellermann
- Re: [ietf-dkim] DKIM and mailing lists, Dave Crocker
- Re: [ietf-dkim] DKIM and mailing lists, Jim Fenton
- Re: [ietf-dkim] DKIM and mailing lists, Dave Crocker
Re: [ietf-dkim] DKIM and mailing lists, Hector Santos
RE: [ietf-dkim] DKIM and mailing lists, Hallam-Baker, Phillip
|
|
|