ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Issue #1524: Signature semantics

2007-12-12 09:59:41
Stephen Farrell wrote:
Hi Jim,

Jim Fenton wrote:
  
SSP does require one additional semantic over that of DKIM-base:  in
addition to taking responsibility for the message, those domains that
publish SSP records other than "unknown" must assert that, when the
address in the From: header field is really their domain, that this is
actually true.  
    

That statement isn't very clear to me.

Do you mean: When a domain publishes an SSP != unknown, then it
states that it does not emit messages where the rfc2822.from
domain is outside its own domain?

If so:

- "emit" and "outside" would need defining
- should that be "messages" or "signed messages"

If not, I'm confused.
  

The answer is "no" so let me try again.

Suppose example.com publishes SSP "all".  It signs a message with
resulting header fields:

From: Jim Fenton <fenton(_at_)cisco(_dot_)com>
DKIM-Signature: (_dot_)(_dot_)(_dot_)i=(_at_)example(_dot_)com;...

No additional assertion regarding the From: address is made in this
case.  example.com is just taking responsibility for the message; it
might be doing so because it operates a mailing list or because it
allows subscribers to mail articles from "The Example Times" to their
friends.

Now suppose it signs a message with resulting header fields:

From: John Doe <jdoe(_at_)example(_dot_)com>
DKIM-Signature: (_dot_)(_dot_)(_dot_)i=(_at_)example(_dot_)com;...

In this case, the signer must make an assertion that the message indeed
originates from their domain, because a verifier using SSP depends on
the ability to correlate the From: address to the signing address.

We are depending on an assertion regarding the From: address when it
should be easy to provide:  when that address is the same as that of the
signer, and not when it's difficult:  when that address is something else.

Again, I am not considering the issue of whether the address comparison
includes the local-part, because that's being covered under issue #1399.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html