[ietf-dkim] Meaning of x= and DKIM signatures in general
2006-04-12 22:29:36
The more I think about x=, the less I understand what it means. I think
what we have here is a fairly fundamental disconnect about the meaning of
a DKIM signature. These questions arose in the context of x= but they all
remain an issue if you take out x= and replace it with "maximum message
transit time".
My understanding of a DKIM signature is that it's the same idea as the
clip at the end of a political ad where the candidate says "I'm Joe Blow
and I approved this message". The signature doesn't mean that the signer
wrote the message or originated it, it just means that the signer approved
it, and you can blame the signer if you don't like it.
There were two main reasons we decided to tell people to check DKIM
signatures sooner rather than later after they're signed. One is that
signers aren't expected to keep verification keys available for a long
time (unlike, say, S/MIME where signing keys have lifetimes measured in
years if not decades), and we're using decent but not fabulous crypto so
although we're reasonably confident that a bad guy can't crack a signature
in a week, we're much less confident about what he can do in five years.
The older a signature is, the less credible it is, but the credibility
fades as it ages, it doesn't suddenly disappear.
But x= is like a candidate saying "I'm Joe Blow and I approved this
message, but only if you're seeing it before next Wednesday." Huh? I can
see how a message could become irrelevant (the election was on Tuesday, or
an e-mail message has a bond price good for ten minutes), but that's not
at all the same thing as saying you signed it then, but you unsigned it
later.
So here are some scenarios. You can assume that the x= value was a week
after the signing time (or in the absence of x= the maximum transit time
was a week), the verification key is still available, and there hasn't
been a crypto crack that makes it trivial to spoof SHA-1 hashes.
A) I am a client of TiredMail, which does not support DKIM but does
timestamp mail as it's dropped into my mailbox, typically a few minutes
after the mail was sent. So I use a spiffy MUA which can do DKIM checks
as I pick up my mail. I go on vacation for two weeks, and don't pick up
my mail until I come back. Is it OK to verify the mail using the time
each message was put in my mailbox as the verification time? If not, what
bad things will happen if I do?
B) Your friend Fred runs the IT department for an organization that
carefully archives all of its mail due to HIPAA, SEC, and SarbOx rules.
Because he is a belt and suspenders kind of guy, he also archives the DKIM
verification key records when they check the DKIM signatures as mail
arrives. Unfortunately, his programmer was the boss' incompetent nephew
and a year later he found that all of the DKIM checks were screwed up,
although the saved keys are OK. Is it OK to recheck the signatures using
the saved keys? If not, what bad things will happen if he does?
B 1/2) If he hadn't saved the keys, would it be OK to recheck the
signatures for which the keys are still available? Again, if not, what
bad things will happen if he does?
C) You duck out of the rain into a building which turns out to be a
courthouse. A trial is in progress in which a guy is accused of sending
e-mail containing terroristic child pornography, but since the guy is not
too swift, he sent it through his ISP which put on a DKIM signature and
trace info pointing directly at the guy's PC. The prosecutor brandishes a
signed message and matching verification key. "You can't prove anything,"
says the guy's lawyer, "because this message was signed six months ago but
its signature was only valid for a week." The judge recognizes you as a
DKIM expert (you were in the music video made to celebrate the release of
the DKIM standard as RFC 5000) and has a bailiff escort you up to the
witness stand and swear you in. The judge asks you whether the DKIM
signature and the trace information means that the message came from the
guy's computer. What do you say?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
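As an added illustration (not part of John Levine's post), the following script parses the t= and x= tags of a constructed DKIM-Signature header and evaluates x= at the verification times each of the scenarios above implies; the header, domain, selector and the one-week x= offset are assumptions, and the bh= and b= values are placeholders.

```python
import re

# Constructed sample DKIM-Signature header (not from the post). bh= and b= are placeholders;
# only t= (signing time) and x= (expiration) are examined. t= is 2006-04-12 22:29:36 UTC
# and x= is exactly one week later, matching the post's premise.
SIGNATURE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha1; d=example.com; s=sel; c=relaxed/relaxed;"
    " t=1144880976; x=1145485776; h=from:to:subject:date;"
    " bh=PLACEHOLDER_BODY_HASH; b=PLACEHOLDER_SIGNATURE"
)

WEEK = 7 * 86400


def parse_tags(header):
    """Split the tag=value list of a DKIM-Signature header field into a dict."""
    _, _, tag_list = header.partition(":")
    tags = {}
    for item in tag_list.split(";"):
        name, sep, value = item.partition("=")
        if sep:
            # Whitespace inside a tag value is not significant, so strip it.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def expiration_status(tags, verify_time):
    """Classify a signature at verify_time (epoch seconds) by its x= tag alone.

    x= is advisory: a verifier MAY treat a signature as invalid once the verification
    time is past x=. The cryptographic check itself does not depend on the clock, which
    is the disconnect the post is asking about."""
    if "x" not in tags:
        return "no-expiry"
    x = int(tags["x"])
    if "t" in tags and x <= int(tags["t"]):
        raise ValueError("x= must be later than t=")  # malformed signature
    return "unexpired" if verify_time <= x else "expired"


def scenarios(header):
    """Evaluate x= against the verification times the post's scenarios imply."""
    tags = parse_tags(header)
    t = int(tags["t"])
    return {
        "A: MUA uses mailbox delivery time (+5 min)": expiration_status(tags, t + 300),
        "A: MUA uses pickup time after 2-week vacation": expiration_status(tags, t + 2 * WEEK),
        "B: Fred rechecks with archived keys a year later": expiration_status(tags, t + 52 * WEEK),
        "C: prosecutor verifies six months later": expiration_status(tags, t + 26 * WEEK),
    }


if __name__ == "__main__":
    for label, status in scenarios(SIGNATURE_HEADER).items():
        print(f"{label}: {status}")
```

Only the first scenario A check (delivery-time verification) comes back unexpired; every other verification time in the post falls past x=, even though the key and the signature bytes are unchanged.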
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html