ietf-dkim

Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages

2007-12-09 21:55:32
>> The purpose of SSP is to detect unauthorized domain use.  This cannot
>> be achieved if the spec assumes that a signature from just
>> anybody what-so-ever is OK.
>
> But that's not what Dave said.  He said that if there's a signature, a
> receiver doesn't do SSP.

Ok, sorry, I had thought that "what-so-ever is OK" would be understood in the context of skipping SSP. Let me state it more clearly:

The purpose of SSP is to detect unauthorized domain use. This cannot be achieved if the spec allows the existence of any signature from just anybody what-so-ever to skip SSP.

> It remains up to the receiver to decide what to do with the message,
> including deciding what its opinion is of the signing domain.
>
> To offer some concrete examples, if I get mail signed by nytimes.com
> with your domain on the From: line, I'm going to deliver it no matter
> what your SSP says, because I know that the Times doesn't send spam.
> Even if you have a firm corporate policy that your users aren't
> allowed to send mail from the Times' web site and a fierce SSP to
> match, that's not my problem.
>
> Conversely, if I get mail signed by a sleazy domain in Nigeria that's
> never sent me mail I wanted, I'm going to junk it.

The problem is when you get a signature from an identity that you have no information on. This is precisely the case in which SSP is needed and precisely the case which is rendered impotent by Dave's proposed change.

> Incidentally, this chronic misreading of "the signature identifies the
> responsible domain" as "accept the message" (not just by one person)
> tells me that we have some significant misunderstandings about what
> DKIM does and doesn't do.

I'm certainly not making that mistake. I'm saying that SSP cannot be skipped just because there's a signature present from anybody at all. That doesn't equate to "accept the message."

Imagine a message signed by A but with B as the domain in the From. If A is not a clear-cut case such as those you've cited (Nytimes.com or Nigeria) it would be enormously useful to check the policy of B, see whether they sign all messages, and then do what you want with the message based on this added knowledge. But checking the policy of B would be precluded if the mere existence of a signature by A means you don't check with B at all! This is what I claim would be an epic mistake.

Arvel


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
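Added example (editor's, not code from the thread or from any DKIM or SSP implementation): a toy verifier that runs the two rules argued above against constructed messages. The SSP record syntax (dkim=unknown|all|strict) is modelled on the 2007 SSP drafts, the policy and reputation tables stand in for DNS and local reputation data, every domain name is invented, and signature verification is assumed to have already succeeded. The third-party case, A=unknown-esp.example signing mail with B=bank.example on the From: line, is the one where the two rules diverge: the "any signature skips SSP" rule returns neutral, while consulting B's policy flags the message as suspicious because bank.example says it signs all its mail and no bank.example signature is present.

```python
"""Added example, not code from the thread or any DKIM/SSP implementation.
Assumptions: dkim=unknown|all|strict is modelled on the 2007 SSP drafts; the
two tables stand in for DNS lookups and local reputation data; every domain
is made up; signature verification is assumed to have already succeeded."""
import re
from typing import Optional

# Constructed stand-in for _ssp._domainkey.<domain> TXT records.
SSP_RECORDS = {
    "bank.example": "dkim=all",       # "all mail from us carries our signature"
    "hobby.example": "dkim=unknown",  # no claim either way
}
# Constructed local reputation data (the nytimes.com / "sleazy domain" cases).
REPUTATION = {"nytimes.example": "good", "sleazy.example": "bad"}

def headers(msg: str) -> dict:
    """Header section as {lowercase name: [values]}, continuation lines unfolded."""
    head = re.sub(r"\n[ \t]+", " ", msg.split("\n\n", 1)[0])
    out: dict = {}
    for line in head.split("\n"):
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), []).append(value.strip())
    return out

def from_domain(hdrs: dict) -> Optional[str]:
    """Domain of the first From: address (the author domain, B in the thread)."""
    for value in hdrs.get("from", []):
        m = re.search(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)", value)
        if m:
            return m.group(1).lower()
    return None

def signer_domain(hdrs: dict) -> Optional[str]:
    """d= of the first DKIM-Signature (the signing domain, A in the thread)."""
    for value in hdrs.get("dkim-signature", []):
        m = re.search(r"(?:^|;)\s*d=([A-Za-z0-9.-]+)", value)
        if m:
            return m.group(1).lower()
    return None

def ssp_policy(domain: Optional[str]) -> str:
    """dkim= tag of the domain's SSP record; a missing record means unknown."""
    rec = SSP_RECORDS.get(domain or "", "dkim=unknown")
    tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
    return tags.get("dkim", "unknown")

def is_author_signature(signer: str, author: str) -> bool:
    """Assumption: d= equal to the From: domain, or a parent of it, is first-party."""
    return signer == author or author.endswith("." + signer)

def reputation_verdict(signer: str):
    """The clear-cut cases John describes: a signer you already trust or distrust."""
    rep = REPUTATION.get(signer)
    if rep == "good":
        return ("deliver", f"{signer} is known good")
    if rep == "bad":
        return ("junk", f"{signer} is known bad")
    return None

def apply_ssp(author: Optional[str]):
    """Consult B's policy; dkim=all/strict with no author signature is suspicious."""
    policy = ssp_policy(author)
    if policy in ("all", "strict"):
        return ("suspicious", f"{author} publishes dkim={policy} but did not sign this message")
    return ("neutral", f"{author} publishes dkim={policy}")

def verdict_skip_ssp_if_signed(msg: str):
    """Dave's proposal as Arvel reads it: any signature at all means SSP is skipped."""
    hdrs = headers(msg)
    author, signer = from_domain(hdrs), signer_domain(hdrs)
    if signer is None:
        return apply_ssp(author)
    return reputation_verdict(signer) or ("neutral", f"signed by {signer}; SSP of {author} not consulted")

def verdict_check_author_ssp(msg: str):
    """Arvel's position: an unknown third-party signature still triggers B's SSP lookup."""
    hdrs = headers(msg)
    author, signer = from_domain(hdrs), signer_domain(hdrs)
    if signer is None:
        return apply_ssp(author)
    known = reputation_verdict(signer)
    if known:
        return known
    if is_author_signature(signer, author or ""):
        return ("neutral", f"author signature from {signer}")
    return apply_ssp(author)

# Constructed sample messages (not real mail); "third_party" is where the verdicts diverge.
SAMPLES = {
    "third_party": "DKIM-Signature: v=1; a=rsa-sha256; d=unknown-esp.example; s=sel;\n"
                   " h=from:to:subject; bh=...; b=...\nFrom: Alice <alice@bank.example>\n\nhi\n",
    "unsigned": "From: Alice <alice@bank.example>\nSubject: x\n\nhi\n",
    "known_good": "DKIM-Signature: v=1; d=nytimes.example; s=sel; b=...\nFrom: alice@bank.example\n\nhi\n",
    "author": "DKIM-Signature: v=1; d=bank.example; s=sel; b=...\nFrom: alice@mail.bank.example\n\nhi\n",
}
```

Running `verdict_skip_ssp_if_signed(SAMPLES["third_party"])` and `verdict_check_author_ssp(SAMPLES["third_party"])` side by side shows the point of the argument: the unsigned, known-good and author-signed samples get the same verdict under both rules, and only the unknown third-party signer is handled differently. The parent-domain match in `is_author_signature` is an editorial simplification of the author-signature test in the drafts, not a rule the thread states.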
