ietf-dkim
[Top] [All Lists]

[ietf-dkim] Meaning of x= and DKIM signatures in general

2006-04-12 22:29:36
The more I think about x=, the less I understand what it means. I think what we have here is a fairly fundamental disconnect about the meaning of a DKIM signature. These questions arose in the context of x= but they all remain an issue if you take out x= and replace it with "maximim message transit time".

My understanding of a DKIM signature is that it's the same idea as the clip at the end of a political ad where the candidate says "I'm Joe Blow and I approved this message". The signature doesn't mean that the signer wrote the message or originated it, it just means that the signer approved it, and you can blame the signer if you don't like it.

There were two main reasons we decided to tell people to check DKIM signatures sooner rather than later after they're signed. One is that signers aren't expected to keep verification keys available for a long time (unlike, say, S/MIME where signing keys have lifetimes measured in years if not decades), and we're using decent but not fabulous crypto so although we're reasonably confident that a bad guy can't crack a signature in a week, we're much less confident about what he can do in five years. The older a signature is, the less credible it is, but the credibility fades as it ages, it doesn't suddenly disappear.

But x= is like a candidate saying "I'm Joe Blow and I approved this message, but only if you're seeing it before next Wednesday." Huh? I can see how a message could become irrelevant (the election was on Tuesday, or an e-mail message has a bond price good for ten minutes), but that's not at all the same thing as saying you signed it then, but you unsigned it later.

So here's some scenarios. You can assume that the x= value was a week after the signing time (or in the absence of x= the maximum transit time was a week), the verification key is still available, and there hasn't been a crypto crack that makes it trivial to spoof SHA-1 hashes.

A) I am a client of TiredMail, which does not support DKIM but does timestamp mail as it's dropped into my mailbox, typically a few minutes after the mail was sent. So I use a spiffy MUA which can do DKIM checks as I pick up my mail. I go on vacation for two weeks, and don't pick up my mail until I come back. Is it OK to verify the mail using the time each message was put in my mailbox as the verification time? If not, what bad things will happen if I do?

B) Your friend Fred runs the IT department for an organization that carefully archives all of its mail due to HIPPA, SEC, and SarbOx rules. Because he is a belt and suspenders kind of guy, he also archives the DKIM verification key records when they check the DKIM signatures as mail arrives. Unfortunately, his programmer was the boss' incompetent nephew and a year later he found that all of the DKIM checks were screwed up, although the saved keys are OK. Is it OK to recheck the signatures using the saved keys? If not, what bad things will happen if he does?

B 1/2) If he hadn't saved the keys, would it be OK to recheck the signatures for which the keys are still available? Again, if not, what bad things will happen if he does?

C) You duck out of the rain into a building which turns out to be a courthouse. A trial is in progress in which a guy is accused of sending e-mail containing terroristic child pornography, but since the guy is not too swift, he sent it through his ISP which put on a DKIM signature and trace info pointing directly at the guy's PC. The prosecutor brandishes a signed messaage and matching verification key. "You can't prove anything," says the guy's lawyer, "because this message was signed six months ago but its signature was only valid for a week." The judge recognizes you as a DKIM expert (you were in the music video made to celebrate the release of the DKIM standard as RFC 5000) and has a bailiff escort you up to the witness stand and swear you in. The judge asks you whether the DKIM signature and the trace information means that the message came from the guy's computer. What do you say?

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for 
Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html