Michael Thomas replied to Doug Otis:
What are the mitigations?
They're secret. And obvious.
Surreal.
What part of RFC4871 section 4.1 paragraph 3:
Signers SHOULD NOT remove any DKIM-Signature header fields from
messages they are signing, even if they know that the signatures
cannot be verified.
is not clear?
Michael,
I see a recommendation (SHOULD NOT) there, not a requirement (MUST NOT).
Although in principle I agree with you, from a MLS designer standpoint
there are engineering considerations where a strip and/or strip/replace
may apply. It depends on the input and what is expected for the output
to keep with protocol consistency. It depends on SSP.
Your 99.6% is impressive but also dubious since you haven't spelled out
the various system parameters, processors, list configurations involved,
such as:
- What MLS software are we talking about? one or any one?
- Are they DKIM or DKIM/SSP ready?
- Are they resigning?
- Where is this 99.6% verification place? At the downlinks?
- What munging options are enabled for the various list?
- If mail is being munged, in particular adding subject list name
tags, how do you get around new postings, rinse repeat,
new postings, not responses, getting munged thus initiating the
alteration and invalid signature?
Responses are fine for validation. The subject tag has been altered and
stable now within reply messages and by using a length, you can exclude
footers thus achieve a high validation. I can see that.
But I don't see how you have wide control over any original submission
alteration destroying your original signature.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html