On Wed, 07 Jan 2009 02:06:48 -0000, MH Michael Hammer (5304)
<MHammer(_at_)ag(_dot_)com> wrote:
-----Original Message-----
From: Jim Fenton [mailto:fenton(_at_)cisco(_dot_)com]
Sent: Tuesday, January 06, 2009 8:20 PM
To: MH Michael Hammer (5304)
Cc: John L; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Next steps for draft-ietf-dkim-ssp
Suppose that ietf.org asserts an ADSP record but doesn't require
signatures on incoming messages, even from its own domain (there's no
requirement that they do). Someone spoofs a message from
chair(_at_)ietf(_dot_)org, which is of course unsigned. The message coming out of
the list looks like it has an author signature. I have a problem with
that.
If ietf.org is willing to put its signature on the spoof message I
would assert that it has a DKIM problem more than an ADSP problem.
Ietf is no different from any other domain. It is entitled to choose, in
its ADSP policy, either 'unknown' or 'all' or 'discardable'.
If it chooses 'unknown', then the list manager might adopt the (very
sensible) policy of signing all list submissions with
'i=lists(_at_)ietf(_dot_)org'
(Note that 'lists@' would probably be more sensible than Jim's original
'ietf@'.)
'ietf@'. I would not expect receivers to be particularly concerned about
the presence or absence of this signature, but individual recipients might
like to inspect it if a message appeared suspicious.
But if it chooses 'all', or even 'discardable', then the ietf chair (whose
real name might be 'john') would have to arrange to submit his messages
via the ietf server if he wished to use the From line
'chair(_at_)ietf(_dot_)org'.
More often, he would send it from his own domain with a From line such as
'john-ietf-chair(_at_)example(_dot_)com', in which case the signing policies of
example.com would apply. But if his message is sent to the list, it would
still attract an (additional) signature with 'lists(_at_)ietf(_dot_)org'. Receivers
would treat any other signature according to the example.com policies.
Note that, if john did choose to use 'From: chair(_at_)ietf(_dot_)org', then it
would probably attract two signatures. Moreover, if he was foolish enough to
send it via example.com's servers, then Receivers ought to be treating it
with suspicion.
As to whether the list manager ought to be rejecting messages that already
appear bogus, that is a separate issue (though one might expect list
members to be aware of his policy). It is not covered by any of our
present drafts.
Either the message has a valid signature or it does not. If there is a
valid signature then ietf.org is claiming responsibility. If it doesn't
have a valid signature....then not so much. If ietf.org is sending out
spoofed messages spoofing a "from" then it has a problem regardless of
whether it DKIM signs, uses ADSP or does anything else.
If ietf asserts 'all', and the message sent to the list by the chair using
the example.com server, and which receivers _ought_ to have treated as
suspicious, passes through on account of the list manager's signature,
then indeed you may have identified a valid point. But it is a point that
none of our drafts covers, nor was intended to cover, so I don't see it as
a reason for mucking about with it at the present time. It belongs to some
future Lists draft.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
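
Added example, not part of the original message or of any draft: a small model of the ADSP outcome a receiver would compute for the scenarios discussed in this thread, assuming the author-domain-signature rule as published in RFC 5617 (a valid signature whose d= equals the From domain). Signature verification and the policy lookup are assumed done elsewhere; the `match="i"` rule, the signature values and example.com's 'unknown' policy are constructed for comparison.

```python
# Added illustration: ADSP outcome for already-verified DKIM signatures.
from email.utils import parseaddr

# Result when no author domain signature is present, by published policy.
ADSP_NO_SIG = {"unknown": "unknown", "all": "fail", "discardable": "discard"}


def adsp_result(from_header, policy, valid_sigs, match="d"):
    """valid_sigs: list of {'d': ..., 'i': ...} for signatures that verified.

    match="d": author domain signature = d= equals the From domain (RFC 5617).
    match="i": hypothetical stricter rule, i= must equal the From address.
    """
    addr = parseaddr(from_header)[1].lower()
    domain = addr.rpartition("@")[2]
    for sig in valid_sigs:
        if match == "d" and sig["d"].lower() == domain:
            return "pass"
        if match == "i" and sig.get("i", "").lower() == addr:
            return "pass"
    return ADSP_NO_SIG[policy]


# Constructed signatures: the list manager's and example.com's.
LIST_SIG = {"d": "ietf.org", "i": "lists@ietf.org"}
EXAMPLE_SIG = {"d": "example.com", "i": "john-ietf-chair@example.com"}


def scenarios():
    chair = "IETF Chair <chair@ietf.org>"          # ietf.org assumed to publish 'all'
    john = "John <john-ietf-chair@example.com>"    # example.com assumed 'unknown'
    return {
        # Unsigned message claiming chair@ietf.org, as it reaches the list.
        "unsigned_at_list": adsp_result(chair, "all", []),
        # Same message after the list adds its own signature.
        "unsigned_after_list": adsp_result(chair, "all", [LIST_SIG]),
        "unsigned_after_list_i_rule": adsp_result(chair, "all", [LIST_SIG], "i"),
        # chair@ietf.org sent through example.com's servers.
        "via_example_com": adsp_result(chair, "all", [EXAMPLE_SIG]),
        "via_example_com_after_list": adsp_result(chair, "all", [EXAMPLE_SIG, LIST_SIG]),
        # Author uses his own domain; example.com's policy applies.
        "own_domain_after_list": adsp_result(john, "unknown", [EXAMPLE_SIG, LIST_SIG]),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28} {result}")
```

Under the d= rule the list's signature alone turns a 'fail' into a 'pass' for any From address at ietf.org, which is the case the thread defers to a future lists draft.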