Re: [ietf-dkim] Seriously.


On Jan 24, 2008, at 11:54 AM, Jim Fenton wrote:

Douglas Otis wrote:
The Author's email-address is not contained within the Senderheader. When a message is not complaint with policy, the signingdomain MUST NOT apply their signature.SSP confirms the policy of the signing domain when policy is notalready apparent via their signature. SSP is not about the policyor identity of the author as you seem to suggest.
First two sentences:  Agree
Second two sentences:  Disagree strongly.
Policy associated with a valid signature more properly belongs inthe key-record (selector) referenced in the signature (example:acceptable hash algorithms).

Strongly disagree. By applying the concept that a signing domain MUSTconfirm policy compliance prior signing, a signature on-behalf-of anidentity within their domain permits an assumption of policycompliance for all other identities also encompassed by the signingkey's g= and t= parameters.

SSP has to do with messages lacking, potentially, any validsignature at all, and the author domain(s) is/are used as the key toretrieve SSP from it/them.

Agreed. But this overlooks Ned's consideration for a signature on-behalf-of the Sender where the signing domain encompasses the Fromdomain, (and where the identity is not excluded by the signature's keyg= and t= parameters).

Ned accurately said when a signing domain is also authoritative forFrom address domain in question, then this email-address can beconsidered signed as well. The signature's hash for some identitywithin the signature's domain MUST include all From email-addresses. When the signature's domain is authoritative for theFrom's email-address's domain, (unless by a g= restricted key) themessage MUST BE assumed to meet the signing domain's policies.
My concern has to do with whether the SSP of the other From (author)domains has to be considered as well. Just as the point has beenmade that it's not proper to handle this case by arbitrarily pickingthe first From domain, I believe that it's also not proper to useSender for this purpose. Given that belief, the question of whetherSender is signed or not is moot.

Disagree. When the From email-address is encompassed by the Sender'ssigning domain and is not excluded by the signature's key g= and t=parameters, there is no reason to assume the message does not complywith the signing domain's policies. This concept covers all Fromemail-addresses. Policy referenced by the Sender's email-addressdomain matters little, and that is not what is being suggested.

RFC 4871 has some dangerous gaps within the specification. A g=restricted key can be used to sign on-behalf-of any header. Theidentity contained within the signature might match that of someheader, however this header is not required to have been includedwithin the signature's hash.
There was language in earlier versions of the dkim-base draft, "anyheader field that describes the role of the signer...MUST also beincluded" but that text was removed by WG consensus. I don'tconsider this to be a dangerous gap, however. RFC 4871 describesthe process for constructing and verifying DKIM signatures; thecontext for what valid signatures are useful for what purposes liesoutside that scope.

When deciding compliance, these security gaps MUST be considered.When a message is signed on-behalf-of (i=) some other identity withinthe signing domain, and this identity does not appear within the Fromheader, the key's g= and t= parameter matter. In addition, whenattempting to highlight which identities are signed, information notincluded within the signature's hash MUST BE excluded. Theserepresent significant security concerns.

In addition, a domain should be able to say they sign "all" and applyRFC 4871 as currently defined. Presently, SSP requires significantchanges to how RFC 4871 is applied.


-Doug

_______________________________________________NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html