
RE: [ietf-dkim] Issue #1524: Signature semantics

2007-12-13 13:49:35
Wordy answer but +1 on what a dkim sig means 


Bill Oxley
Messaging Engineer
Cox Communications
404-847-6397

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Douglas Otis
Sent: Thursday, December 13, 2007 3:36 PM
To: Hector Santos
Cc: ietf-dkim WG
Subject: Re: [ietf-dkim] Issue #1524: Signature semantics


On Dec 12, 2007, at 2:56 PM, Hector Santos wrote:

> Doug,
>
> I would like to know one thing:
>
>  When does a signer expect his signature to be broken?

When sending to a mailing list, would be one example. : )

> or
>
>  When is it reasonable for a signer to believe his signature
>  can be broken? And if so, what does he expect to happen?

In the case of a "strict" assertion, that "all messages are signed" is
reasonable.  That verifiers MUST consider unsigned or broken
signatures having a From email-address within their domain as
"Suspicious" is not a meaningful assertion.

A domain can only assert what they DO, and not what others MUST THINK!

The "strict" assertion should be defined as "this domain signs all
messages originating from this domain" AND "this domain avoids
services that might damage DKIM signatures".  Then the domain is
asserting what they DO, and not what the verifier MUST THINK.

> I mean, after all, this is all about mail integrity and an attempt
> at non-repudiation.  It gets to a point where if a domain is going
> to begin to digitally sign its mail, then there is a reasonable
> expectation that it will be non-repudiated.

A valid DKIM signature ensures non-deniability or non-repudiation of
having handled the message.  DKIM, by itself, makes no assertions
regarding the validity of message content.

> By definition, non-repudiation occurs when all participants agree
> that something is true.

A valid DKIM signature only means the signing domain has handled the
message.  What do you think it means?

> So given our current email infrastructure, what steps are taken to
> ensure full or partial non-repudiation?

Huh? Either the signature is valid or it is not.

> There have to be some statements of fact, and in my opinion, a
> domain signing his mail under a set of conditions he holds to be
> true can only be non-repudiated if the receiver can hold him to these
> expected true conditions.

SSP records are not signed.  SSP records are published within DNS for
a duration of seconds or years.  SSP can not offer non-deniability or
non-repudiation.

> If the domain says "I'm the exclusive signer," then nothing should
> repudiate that true condition of exclusivity.

You appear to be confusing the concept of non-repudiation with a fairly
temporal operational assertion.

A domain may assert "this domain signs all messages" AND "this domain
avoids services that might break signatures".  This assertion can not
ensure all messages received containing a From header email-address
within this domain are illegitimate or somehow in conflict with their
assertion.  Dealing with email is _never_ that simple.  These
assertions provide information that can be used to better evaluate
message content.  These assertions should not be aimed at telling
verifiers what to DO or what to THINK, especially when such actions or
thoughts might be wrong!

> If the domain expects a different set of relaxed conditions that can
> be repudiated, then he really shouldn't be signing his mail or have
> it signed by others and still expect verifiers to waste their time
> with it trying to reach an impossible state of non-repudiation.

Any valid DKIM signature offers non-repudiation.

> It can't be both ways, Doug. Something has got to give here.

A DKIM signature does not ensure validity or, conversely, invalidity of
message content.  Are you suggesting a domain signing a message with
"all" assertions (that essentially implies "this domain signs all
messages") must also authenticate identities associated with the
"on-behalf-of" email-address?  In my view, authenticating identities
associated with an email-address goes beyond what MTAs are currently
equipped to safely assure AND this WG's charter as well.

The only consideration a domain may wish to make might be to refuse
message submissions containing From headers where the foreign domain
has made a "strict" assertion.  While this could be about "reputation"
when such an act causes a domain to be removed from a list of acceptable
third-party signers, this should be ignored in order to resolve other
issues first.  Messages containing From headers with email-addresses
of domains with "strict" assertions might cause acceptance problems.
These exceptions may also involve a signing domain with possible acts
of fraud.  What should DKIM be saying about a signer's obligations
regarding assurances of email-address ownership?

TPA-SSP provides a means for domains wishing to communicate with other
domains asserting "strict" and avoid interruptions created by dogmatic
policy handling.  TPA-SSP can scale to accommodate a sizeable list of
domains which might become necessary to ensure uninterrupted
communications.  In other words, without the TPA-SSP mechanism, a
"strict" assertion _will_ create problems that are either impossible
or unsafe to resolve using ad hoc key exchanges or DNS delegations.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

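Doug's remark that a mailing list is one case where a signer should expect a broken signature, shown in code as an added example that is not part of the thread: relaxed body canonicalization and the bh= body hash as specified in RFC 4871 (the DKIM base spec current at the time), run over constructed sample bodies. It shows why a relay that only re-wraps whitespace leaves the body hash intact while a list footer appended after the signed body does not.

```python
import base64
import hashlib
import re

# Constructed sample bodies (CRLF line endings, as on the wire).
ORIGINAL = "Hello,\r\n\r\nSee you at  the meeting.\r\n"
# A relay that only re-wraps whitespace and adds blank lines at the end.
WHITESPACE_ONLY = "Hello,  \r\n\r\nSee you at \t the meeting.   \r\n\r\n\r\n"
# A mailing list that appends a footer after the signed body.
FOOTER_ADDED = ORIGINAL + "\r\n-- \r\nietf-dkim mailing list\r\n"


def relaxed_body(body: str) -> bytes:
    """Relaxed body canonicalization (RFC 4871 section 3.4.4):
    collapse runs of WSP to one SP, drop trailing WSP on each line,
    drop empty lines at the end, and end a non-empty body with CRLF."""
    lines = []
    for line in body.split("\r\n"):
        # Tabs become SP here, so stripping SP covers trailing tabs too.
        lines.append(re.sub(r"[ \t]+", " ", line).rstrip(" "))
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return b""
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")


def body_hash(body: str) -> str:
    """Value a signer places in the bh= tag for a=rsa-sha256."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def body_hash_matches(bh_tag: str, received_body: str) -> bool:
    """The verifier's body-hash check. RFC 4871 has the verifier fail
    the signature on a bh= mismatch before the RSA check is attempted."""
    return body_hash(received_body) == bh_tag


if __name__ == "__main__":
    bh = body_hash(ORIGINAL)
    print("whitespace re-wrap survives:", body_hash_matches(bh, WHITESPACE_ONLY))
    print("list footer survives:      ", body_hash_matches(bh, FOOTER_ADDED))
```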