On Dec 18, 2007, at 9:58 AM, Hector Santos wrote:
Douglas Otis wrote:
Neither an "invalid signature" nor "no signature" offers a safe or
any significant difference for non-repudiation. Your assumption
appears based upon an invalid signature offering greater confidence
in a message source than would no signature.
On the contrary, less confidence on what a true NO signature
condition provides.
This dubious strategy provides a significant incentive for bad actors
to insert "bogus" DKIM signatures.
Would it matter whether the signature hash is valid, but the signature
is not?
Would it matter whether the hash is wrong, but the signature matches
with the invalid hash?
What level of forensics should invalid signatures entail?
What is reasonable to expect of a DKIM verifier's resources?
IOW, by lumping a broken signature, promoted to no signature status,
then you have what you say is true.
This still gives credit to an invalid signature which might be for
lying. Lying is already being abused.
The fallout of giving credit for lying would be to accelerate a need
for DKIM resource triage. Any domain found emitting invalid
signatures is likely to be identified as wasting these DKIM
resources. The vast majority of messages are undesired, where DKIM
already affords signers a sizeable advantage over that of verifiers.
Signing a message requires a one-time effort which can be disseminated
many fold. Add to this, an influx created by giving partial credit to
bogus DKIM signatures. In all likelihood, when confronting rampant
bogus signature abuse, _any_ source found emitting invalid signatures
may find their messages blocked, or at least excluded from a DKIM
validation process.
The only way to ensure DKIM signatures are not abused requires NOT
giving _invalid_ signatures _any_ credit over that of _no_
signatures. The base draft specifically declares "no" signature is
equivalent to "invalid" signatures. A means to ensure your outbound
MTA is not seen as producing "bogus" signatures requires removal of
known invalid signatures. This mode of protection therefore means
advice given in the DKIM base specifications regarding interpretation
are ill-considered. Some like to learn the hard way.
So it's not giving it more confidence, but rather it is removing
confidence away from the 100% assurance and benefits the ALL and
STRICT policy provides.
This is just semantics. Any added weight for bogus signatures _will_
be abused.
David wanted to see the threats and issues of SSP policies. IMO,
this is one of them.
We agree, but for entirely different reasons.
Giving a message with a broken signature credit is a dangerous
policy.
True. But giving it credit wasn't the point here.
Sigh.
Section 4.2 is not clear that this prohibition on signature removal
is to be for issuing a "different" message from the one originally
signed.
Well, according to,
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Mailman is already stripping and replacing signatures:
"A representative of another type of mailing lists
is Mailman, which often modifies mail body and strips out
original signatures, unless explicitly configured not to."
Mailman then has an extremely good default. A strategy that gives
credit to bogus signatures spells disaster. Signers therefore should
be prepared for the fallout created by ill-considered strategies.
-Doug
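As an added illustration of the body-hash versus signature distinction raised above, and of the treat-as-unsigned rule the base draft states, here is example code that is not from the thread or from any DKIM implementation; the public-key check over the headers is assumed to happen elsewhere and is passed in as a boolean, and the sample body and list footer are constructed.

```python
import base64
import hashlib
import re

def relaxed_body(body: str) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization.
    Whitespace runs collapse to one space, trailing whitespace is dropped,
    trailing empty lines are removed, and a non-empty body ends in CRLF."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""

def body_hash(body: str) -> str:
    """The bh= tag value: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def verify_outcome(body: str, bh_tag: str, signature_ok: bool):
    """Check order mirrors a verifier: body hash first, then the signature
    over the headers. signature_ok is an assumed input standing in for the
    public-key verification done elsewhere."""
    if body_hash(body) != bh_tag:
        return ("fail", "body hash mismatch")
    if not signature_ok:
        return ("fail", "signature mismatch")
    return ("pass", "")

def policy_weight(outcome: str) -> str:
    """The rule argued for in the thread and stated in the base draft:
    a failed signature earns no more credit than no signature at all,
    whichever of the two checks failed."""
    return "signed" if outcome == "pass" else "unsigned"

# Constructed sample: the body as signed, then as a list might rewrite it.
ORIGINAL = "Hello   world \r\n\r\n"
BH = body_hash(ORIGINAL)
MODIFIED = ORIGINAL + "-- \r\nList footer added in transit\r\n"

if __name__ == "__main__":
    for label, body, sig_ok in [("intact", ORIGINAL, True),
                                ("body rewritten", MODIFIED, True),
                                ("hash ok, bad signature", ORIGINAL, False)]:
        outcome, why = verify_outcome(body, BH, sig_ok)
        print(f"{label:24s} {outcome:4s} {why:22s} -> {policy_weight(outcome)}")
```

Note that the "body rewritten" case is exactly what a list that modifies the body without re-signing produces; a verifier that reaches the policy step sees it as unsigned, not as partially credited.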
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html