ietf-dkim

Re: [ietf-dkim] chained signatures, was l= summary

2009-05-28 12:26:43
Chaining signatures with Authentication-Results is unlikely to work,
since with two or more levels of chaining, there is no reliable way to
tell which A-R header goes with which signature.

Chaining isn't the point.  And mailing lists aren't the only
forwarders (I agree with what you say about mailing lists).

My address, at computer.org, is a forwarder.  When the mail gets to my
real mail server, it doesn't filter based on computer.org, but based
on the original sender, of course.  Now, computer.org won't break any
DKIM sig that's already there, so there's no worry.  But suppose it
did.

The model is this:

If you're going to send a message on and are not going to break the
signature, you do one of these:
1. do nothing to A-R or DKIM-Sig records that are there, and do not
sign yourself, OR
2. do nothing to A-R or DKIM-Sig records that are there, and add your
own sig.  Your sig does NOT cover A-R.

If you're going to send a message on and ARE going to break the
signature, you do this:
1. verify all previous sigs, creating your own A-R in the process, then
2. remove all previous sigs AND all previous A-R, then
3. put in your own A-R, then
4. DKIM-sign the message, having the sig cover your A-R.

If the process works like that, the verifier has exactly one signature
that covers the authentication results, so it knows where they came
from.  It can use that extra information or not, as it chooses.

We can argue about whether the information is useful in that case, but
it's the verifier's choice.  And it means that you don't leave
signatures around that YOU broke, so if I get "one good signature and
a bunch of broken signatures", it means the signatures were broken for
some other reason.  (I probably don't care about that, I'm just
saying....)

A-R can be useful in some very narrow circumstances, where the channel
between the agent that applies the header and the agent that uses it
is secure.  The most likely setup is that it's applied as the message
is dropped into a mailbox on a server, and it's used by a MUA or local
filtering proxy that picks up the message via POP or IMAP.

As I describe things above, A-R can be useful in more situations than
that.  If you (the verifier, the MUA, whatever) trust the signer that
signed the A-R, you have information you can use.

Barry, as participant
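The forwarding rules Barry lays out (leave existing A-R and signatures alone if you do not break them; if you do break them, verify into your own A-R, strip all old signatures and A-R, add your A-R, and sign covering it) modelled end to end. This is an added example, not part of the message above and not any real DKIM implementation: an HMAC keyed per domain stands in for the DKIM signature (no RFC 4871 canonicalization, RSA or DNS), and the domains, keys and message are constructed for the example. It also shows the verifier-side consequence the post draws: an A-R that no passing signature covers cannot be attributed to anyone, while one covered by a single trusted signature can be.

```python
import hashlib
import hmac

# Toy stand-in for DKIM, added to illustrate the forwarding rules in the post.
# NOT RFC 4871 DKIM: no canonicalization, no RSA, no DNS key lookup. A keyed
# HMAC plays the signature so that header handling, not cryptography, is what
# gets exercised. Domains, keys and the message are constructed for the example.
KEYS = {
    "example.org": b"origin-secret",   # original sender's domain
    "fwd.example": b"fwd-secret",      # a forwarder that does not break signatures
    "list.example": b"list-secret",    # a list that rewrites the message
}

# A message is an ordered header list (newest first, as DKIM prepends) plus a body.
ORIGINAL_HEADERS = [("From", "alice@example.org"),
                    ("To", "ietf-dkim@list.example"),
                    ("Subject", "l= summary")]
ORIGINAL_BODY = "Chaining isn't the point.\n"


def get_all(headers, name):
    return [v for n, v in headers if n.lower() == name.lower()]


def drop_all(headers, names):
    gone = {n.lower() for n in names}
    return [(n, v) for n, v in headers if n.lower() not in gone]


def parse_tags(value):
    """'k=v; k2=v2' -> dict (for the toy DKIM-Signature tag list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def _digest(headers, body, covered, key):
    """HMAC over the bottom-most instance of each covered header, then the body."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in covered:
        vals = get_all(headers, name)
        mac.update(f"{name.lower()}:{vals[-1] if vals else ''}\n".encode())
    mac.update(body.encode())
    return mac.hexdigest()


def sign(headers, body, domain, key, cover_ar):
    """Prepend a toy DKIM-Signature; h= names the covered headers, A-R only if cover_ar."""
    covered = ["From", "To", "Subject"] + (["Authentication-Results"] if cover_ar else [])
    value = f"d={domain}; h={':'.join(covered)}; b={_digest(headers, body, covered, key)}"
    return [("DKIM-Signature", value)] + headers


def verify(headers, body, keys):
    """Check every DKIM-Signature -> [(domain, 'pass'|'fail'|'unknown', covers_ar)]."""
    results = []
    for sig in get_all(headers, "DKIM-Signature"):
        tags = parse_tags(sig)
        domain, covered = tags.get("d", ""), tags.get("h", "").split(":")
        covers_ar = "authentication-results" in (c.lower() for c in covered)
        if domain not in keys:
            results.append((domain, "unknown", covers_ar))
            continue
        ok = hmac.compare_digest(_digest(headers, body, covered, keys[domain]), tags.get("b", ""))
        results.append((domain, "pass" if ok else "fail", covers_ar))
    return results


def forward_without_breaking(headers, body, domain, key, add_own_sig):
    """Non-breaking forwarder: leave A-R and signatures alone; an added signature must not cover A-R."""
    if add_own_sig:
        return sign(headers, body, domain, key, cover_ar=False), body
    return list(headers), body


def forward_and_break(headers, body, domain, key, keys, mutate):
    """Breaking forwarder: 1 verify into an A-R, 2 strip old sigs and A-R, 3 add own A-R,
    apply the breaking change, 4 sign covering the A-R."""
    results = verify(headers, body, keys)                                      # step 1
    ar = f"{domain}; " + ("; ".join(f"dkim={r} header.d={d}" for d, r, _ in results) or "none")
    headers = drop_all(headers, ["DKIM-Signature", "Authentication-Results"])  # step 2
    headers = [("Authentication-Results", ar)] + headers                       # step 3
    body = mutate(body)                                                        # the breaking change
    return sign(headers, body, domain, key, cover_ar=True), body               # step 4


def trusted_ar(headers, body, keys):
    """What a final verifier can attribute: (signer, A-R) pairs where a passing signature covers the A-R."""
    ar_vals = get_all(headers, "Authentication-Results")
    return [(d, ar_vals[-1]) for d, r, covers in verify(headers, body, keys) if r == "pass" and covers and ar_vals]


def demo():
    h0 = sign(ORIGINAL_HEADERS, ORIGINAL_BODY, "example.org", KEYS["example.org"], cover_ar=False)
    # Hop A: forwarder leaves the message intact and adds its own signature (rule 2).
    h1, b1 = forward_without_breaking(h0, ORIGINAL_BODY, "fwd.example", KEYS["fwd.example"], True)
    # An A-R injected later that no signature covers: all signatures still pass, so nobody owns it.
    forged = [("Authentication-Results", "mx.example; dkim=pass header.d=bank.example")] + h1
    # Hop B: a list appending a footer follows the four breaking-forwarder steps.
    h2, b2 = forward_and_break(h0, ORIGINAL_BODY, "list.example", KEYS["list.example"], KEYS,
                               lambda body: body + "--\nlist footer\n")
    # Tampering with the list's A-R afterwards breaks the one signature that covers it.
    tampered = [(n, v.replace("header.d=example.org", "header.d=bank.example")
                 if n == "Authentication-Results" else v) for n, v in h2]
    return {"hop_a": verify(h1, b1, KEYS),
            "forged_ar_trusted": trusted_ar(forged, b1, KEYS),
            "list_sigs": len(get_all(h2, "DKIM-Signature")),
            "list_ar": get_all(h2, "Authentication-Results"),
            "list_trusted": trusted_ar(h2, b2, KEYS),
            "tampered": verify(tampered, b2, KEYS)}
```

After the list hop, demo() reports exactly one DKIM-Signature, one Authentication-Results naming list.example as the authserv-id, and one trusted (signer, A-R) pair; the forged A-R on the non-breaking path yields no trusted pair at all, which is the "you don't know where it came from" case.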

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html