ietf-dkim

[ietf-dkim] SSP and local parts

2007-12-02 08:58:02
At the time DKIM base was designed and standardized, we wanted it to
be a domain-level signature for a number of reasons, including privacy
concerns.  We also wanted to make it easy for domains to delegate
signing authority to outside parties that might send newsletters and
perform other outsourced services on behalf of the domain.

Delegating a key to an outside party that gives them the ability to sign
any mail from the domain requires a great deal of trust.  In order to
lower the trust requirement to a level where key delegation might more
readily happen, the g= tag in the keys was provided to allow a key to be
delegated where the signing address could not be any address in the
domain, but only those whose local-part matches the g= tag.  The i= tag
in the signature specifies what the signing address is; there is not
a requirement that the signing address match any other address in the
header.

The only time that a local-part is required in the i= address is when
the g= tag in the key being used restricts the signing address from
being anything in the domain.  Under all other circumstances, the
local-part of i= MAY be supplied, or not, at the discretion of the
signer.  In that way, DKIM remains a domain-level signature except when
needed to facilitate delegation.

SSP attempts to match the signing address against the address in the
From: header field in order to determine whether a given signature is an
Originator Signature (that it represents the author of the message).  In
the great majority of cases, the local-part of i= will not be present,
and this comparison will be based on domain name only.

If the local-part of the From address isn't compared when there is a
local-part of i=, a serious exploit is possible.  Suppose a party to
whom signing authority for a specific address, e.g.,
newsletter@example.com, has been delegated signs messages allegedly
from other addresses in
the domain for which they are not authorized.  While they could create a
valid signature using i=newsletter@example.com, this should not be
accepted by verifiers as an Originator Signature, any more than a
signature from a completely different domain.  Without the local-part
comparison, this would be accepted as an Originator Signature counter to
the domain owner's intent to delegate the key for a narrower use.

If the intent is to enhance user anonymity, the local-part of i= should
be left blank, so that it will match any local-part in the domain, and
not populated with other tokens or identifiers.  If the signer is
interested in additional tracking information, either the t= timestamp
can be used or a private tag can be added, since an unrecognized tag MUST be
ignored by the verifier.

-Jim
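As an added example (not code from Jim's post or from any DKIM or SSP implementation), the i=/From: comparison and the g= local-part restriction described above, in Python; the "*" wildcard handling of g= is assumed from RFC 4871, which the message does not spell out.

```python
from email.utils import parseaddr


def split_addr(addr):
    """Split 'local@domain' into (local, domain). The local-part may be
    empty, as in the default i= value '@example.com'."""
    local, sep, domain = addr.rpartition("@")
    if not sep:
        raise ValueError(f"not an address: {addr!r}")
    return local, domain.lower()


def g_tag_permits(g_tag, i_local):
    """Does the key's g= tag allow this i= local-part to use the key?
    Assumed RFC 4871 semantics: g= absent defaults to '*'; at most one
    '*' matches any run of characters; an empty g= matches no address."""
    if g_tag is None:
        g_tag = "*"
    if g_tag == "":
        return False
    head, star, tail = g_tag.partition("*")
    if not star:
        return i_local == g_tag
    return (i_local.startswith(head) and i_local.endswith(tail)
            and len(i_local) >= len(head) + len(tail))


def is_originator_signature(from_header, i_tag):
    """SSP-style comparison of the signing address (i=) with the From:
    address: domains must match; the local-part is compared only when
    i= actually carries one, otherwise any local-part in the domain matches."""
    _, from_addr = parseaddr(from_header)
    from_local, from_domain = split_addr(from_addr)
    i_local, i_domain = split_addr(i_tag)
    if i_domain != from_domain:
        return False
    return i_local == "" or i_local == from_local


def evaluate(from_header, i_tag, g_tag=None):
    """Both checks for one signature whose key carries g_tag (None = no g=)."""
    i_local, _ = split_addr(i_tag)
    return {
        "key_permits_i": g_tag_permits(g_tag, i_local),
        "originator_signature": is_originator_signature(from_header, i_tag),
    }
```

The second case in the test below is the exploit from the message: the delegated newsletter key yields a valid signature, but the local-part comparison keeps it from counting as an Originator Signature for ceo@example.com.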
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
