ietf-dkim

Re: [ietf-dkim] Issue #1524: Signature semantics

2007-12-13 13:40:16

On Dec 12, 2007, at 2:56 PM, Hector Santos wrote:

> Doug,
>
> I would like to know one thing:
>
>  When does a signer expect his signature to be broken?

When sending to a mailing list, would be one example. : )

> or
>
>  When is it reasonable for a signer to believe his signature
>  can be broken? And if so, what does he expect to happen?

In the case of a "strict" assertion, "all messages are signed" is reasonable. That verifiers MUST consider unsigned or broken signatures having a From email-address within their domain as "Suspicious" is not a meaningful assertion.

A domain can only assert what they DO, and not what others MUST THINK!

The "strict" assertion should be defined as "this domain signs all messages originating from this domain" AND "this domain avoids services that might damage DKIM signatures". Then the domain is asserting what they DO, and not what the verifier MUST THINK.

> I mean, after all, this is all about mail integrity and an attempt at non-repudiation. It gets to a point where if a domain is going to begin to digitally sign its mail, then there is a reasonable expectation that it will be non-repudiated.

A valid DKIM signature ensures non-deniability or non-repudiation of having handled the message. DKIM, by itself, makes no assertions regarding the validity of message content.

> By definition, non-repudiation occurs when all participants agree that something is true.

A valid DKIM signature only means the signing domain has handled the message. What do you think it means?

> So given our current email infrastructure what steps are taken to ensure full or partial non-repudiation?

Huh? Either the signature is valid or it is not.

> There has to be some statements of facts, and in my opinion, a domain signing his mail under a set of conditions he holds to be true can only be non-repudiated if the receiver can hold him to these expected true conditions.

SSP records are not signed. SSP records are published within DNS for a duration of seconds or years. SSP cannot offer non-deniability or non-repudiation.

> If the domain says "I'm the exclusive signer," then nothing should repudiate that true condition of exclusivity.

You appear to be confusing the concept of non-repudiation with a fairly temporal operational assertion.

A domain may assert "this domain signs all messages" AND "this domain avoids services that might break signatures". This assertion cannot ensure all messages received containing a From header email-address within this domain are illegitimate or somehow in conflict with their assertion. Dealing with email is _never_ that simple. These assertions provide information that can be used to better evaluate message content. These assertions should not be aimed at telling verifiers what to DO or what to THINK, especially when such actions or thoughts might be wrong!

> If the domain expects a different set of relaxed conditions that can be repudiated, then he really shouldn't be signing his mail or have his mail signed by others and still expect verifiers to waste their time with it trying to reach an impossible state of non-repudiation.

Any valid DKIM signature offers non-repudiation.

> It can't be both ways Doug. Something has got to give here.

A DKIM signature does not ensure validity or conversely invalidity of message content. Are you suggesting a domain signing a message with "all" assertions (that essentially implies "this domain signs all messages") must also authenticate identities associated with the "on-behalf-of" email-address? In my view, authenticating identities associated with email-address goes beyond what MTAs are currently equipped to safely assure AND this WG's charter as well.

The only consideration a domain may wish to make might be to refuse message submissions containing From headers where the foreign domain has made a "strict" assertion. While this could be about "reputation" when such an act causes a domain to be removed from a list of acceptable third-party signers, this should be ignored in order to resolve other issues first. Messages containing From headers with email-addresses of domains with "strict" assertions might cause acceptance problems. These exceptions may also involve a signing domain with possible acts of fraud. What should DKIM be saying about a signer's obligations regarding assurances of email-address ownership?

TPA-SSP provides a means for domains wishing to communicate with other domains asserting "strict" and avoid interruptions created by dogmatic policy handling. TPA-SSP can scale to accommodate a sizeable list of domains which might become necessary to ensure uninterrupted communications. In other words, without the TPA-SSP mechanism, a "strict" assertion _will_ create problems that are either impossible or unsafe to resolve using ad hoc key exchanges or DNS delegations.

-Doug
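An added illustration of the mailing-list case Doug raises at the top of this reply (not code from the thread or from any DKIM implementation): a minimal DKIM-style body hash with RFC 4871 "simple" body canonicalization, showing that a list footer changes bh= and breaks the signature, and that a valid signature establishes only that the d= domain handled the message. Assumed: an HMAC over a constructed key stands in for the real RSA signature, and the message and footer are constructed samples.

```python
import base64
import hashlib
import hmac

# Constructed demo key: stands in for the signer's RSA private key (assumption).
SIGNING_KEY = b"example.com-selector-s1-demo-key"

def simple_body_canon(body: bytes) -> bytes:
    """RFC 4871 'simple' body canonicalization: CRLF line ends, trailing empty lines removed."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body

def body_hash(body: bytes) -> str:
    """The bh= value: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(simple_body_canon(body)).digest()).decode()

def sign(domain: str, from_addr: str, body: bytes) -> dict:
    """Produce a minimal DKIM-Signature-like tag set binding From and the body hash."""
    bh = body_hash(body)
    signed_data = f"from:{from_addr}\r\nd={domain}; bh={bh}".encode()
    b = base64.b64encode(hmac.new(SIGNING_KEY, signed_data, hashlib.sha256).digest()).decode()
    return {"d": domain, "bh": bh, "b": b}

def verify(sig: dict, from_addr: str, body: bytes) -> dict:
    """What a verifier may conclude: at most that the d= domain handled this message."""
    if body_hash(body) != sig["bh"]:
        return {"valid": False, "handled_by": None, "reason": "body hash mismatch"}
    signed_data = f"from:{from_addr}\r\nd={sig['d']}; bh={sig['bh']}".encode()
    expected = base64.b64encode(hmac.new(SIGNING_KEY, signed_data, hashlib.sha256).digest()).decode()
    if not hmac.compare_digest(expected, sig["b"]):
        return {"valid": False, "handled_by": None, "reason": "signature mismatch"}
    return {"valid": True, "handled_by": sig["d"], "reason": None}

# Constructed sample: signed at example.com, then relayed by a list that appends a footer.
ORIGINAL_BODY = b"Hello list,\r\n\r\nSee the attached proposal.\r\n"
LIST_FOOTER = b"_______________________________________________\r\nlist mailing list\r\n"
FROM_ADDR = "alice@example.com"

def demo() -> tuple:
    """Verification result before and after the list modifies the body."""
    sig = sign("example.com", FROM_ADDR, ORIGINAL_BODY)
    before = verify(sig, FROM_ADDR, ORIGINAL_BODY)
    after = verify(sig, FROM_ADDR, ORIGINAL_BODY + LIST_FOOTER)
    return before, after
```

The broken result after the footer is exactly the legitimate-traffic case a "strict" assertion cannot distinguish from fraud: the verifier learns only that the signature no longer covers what was delivered.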
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html