ietf-dkim

Re: [ietf-dkim] Author Signature vs. Author Domain Signature / Internal vs External threats

2009-04-05 07:56:08
On Fri, 03 Apr 2009 14:15:18 +0100, Hector Santos <hsantos(_at_)santronics(_dot_)com> wrote:

   DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple;
                   d=mipassoc.org; s=k00001; ....
   From: "J.D. Falk" <jdfalk-lists(_at_)cybernothing(_dot_)org>

or this:

   DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple;
                   d=mipassoc.org; s=k00001;....
   From: HLS <sant9442(_at_)gmail(_dot_)com>

Neither of those are Author (Domain) Signatures. They indicate that  
mipassoc.org has processed them, and that mipassoc believes they are  
"worthy of all men to be believed" (whatever that means). I would not  
expect a simple-minded Assessor to be impressed, or to take any action  
either way (unless there are _additional_ signatures that are more  
impressive). A smarter Assessor that knows the reputation of mipassoc.org  
_might_ be a little more impressed.

Neither signature does any harm, but they don't do much good either.

which by the way

   DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple;
                   d=gmail.com; ....
   From: HLS <sant9442(_at_)gmail(_dot_)com>

And that looks like a perfectly good Author Signature, which any assessor  
SHOULD pass without further ado.

Before mipassoc.org got its hands on it, is all about 3rd party "mail
DKIM interference" with 1st party or other 3rd party signatures.

If you don't control this, then we will undoubtedly begin to see:

I don't see WHY you want to control this. All the examples are harmless.

   DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple;
                   d=some_phisher.com; ....
   From: Poor User <Poor(_dot_)User(_at_)cox(_dot_)net>

And that should be harmless too, unless some_phisher.com has acquired an  
excessively negative reputation.

If COX.NET has no plans to deal with this, either with ADSP or
something else, then pity the Poor User at cox.net.  Sure, the fancy
reputation system will eventually score up points on some_phisher.com
or someone will report it early on, but it might be too late for Poor
User at cox.net.

Why? Of course it would be better if COX.NET had added a signature first,  
with an ADSP record to explain it, but that is not essential.

I just do not see what you are getting at.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131      Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
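
The distinction argued over in this message, as an added example that is not code from the thread or from any DKIM implementation: it labels each signature on a message as an Author Domain Signature or a third-party signature, using the ADSP (RFC 5617) definition that the `d=` domain must equal the domain of the `From:` address. The helper names and sample messages are constructed for illustration, and signatures are assumed to have been verified already.

```python
from email import message_from_string
from email.utils import parseaddr

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def classify(raw_message):
    """Return (author_domain, [(d, kind), ...]) for one message.

    Assumption: each signature was already verified cryptographically;
    only the d= versus From: domain comparison is shown.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    author_domain = addr.rpartition("@")[2].lower()
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(sig).get("d", "").lower()
        kind = "author-domain" if d and d == author_domain else "third-party"
        results.append((d, kind))
    return author_domain, results

def make(from_addr, *signers):
    """Build a constructed sample message signed by the given d= domains."""
    sigs = "".join(
        "DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple;\n"
        f"        d={d}; s=sel; bh=PLACEHOLDER; b=PLACEHOLDER\n" for d in signers)
    return f"{sigs}From: Sample <{from_addr}>\n\nbody\n"

# Constructed samples using the domains from the thread; local parts are invented.
SAMPLES = {
    "list_only": make("user@gmail.com", "mipassoc.org"),
    "author": make("user@gmail.com", "gmail.com"),
    "list_plus_author": make("user@gmail.com", "mipassoc.org", "gmail.com"),
    "unrelated_signer": make("user@cox.net", "some_phisher.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A third-party result here says only that the signer is not the author's domain; what an assessor does with it depends on the signer's reputation and any published ADSP record, which this sketch does not look up.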
