ietf-dkim

Re: [ietf-dkim] list expanders (was Re: chained signatures, was l= summary)

2009-06-22 06:35:34
On Fri, 19 Jun 2009 17:55:57 +0100, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

> On Jun 19, 2009, at 4:29 AM, Charles Lindsey wrote:
>
>> But either way, there is no suspicion that the A-R was added by the
>> spammer, or any other agent prior to the ML site, so no reason to
>> doubt the truth of what it attested (except for Conspiracy Theorists
>> who doubt everything - and the best way to placate Conspiracy
>> Theorists is to give them the evidence that proves their vivid
>> imaginations are wrong - in this case by signing the A-R header).
>
> It is dangerous to consider A-R headers of unknown origins as somehow
> inherently safe......

Unless they are included in a signature.

An A-R record always includes an indication of the domain that purported to
have placed it there. If it is signed by that same domain (as would be the
case in the scenarios we are discussing), then more reliance can be placed
on it (depending on your opinion of that signer - but your opinion of the
manager of a mailing list you have subscribed to is likely to be quite
high).

I agree that an unsigned A-R is dubious, but even then if it purports to  
have been placed there by a domain which
    a) the message has been passed through, and
    b) you are prepared to trust to have removed any pre-existing bogus A-R
       purporting to have been placed there by that domain
then it should be pretty safe (and this was indeed the case for the  
example we were discussing).

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
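
The reliance rule argued in the message above, as an added example that is not part of the original post or of any DKIM implementation: an A-R header is classed as signed by its own domain, as unsigned but from a trusted hop (conditions a and b), or as untrusted. The names `classify_ar`, `verified_domains`, `trusted_hops` and the `.example` domains are assumptions, and signature verification is assumed to be done by a separate DKIM verifier.

```python
import re
from email import message_from_string

# Constructed sample, not from the thread: list.example added the top A-R
# and signed both A-R headers; the lower A-R predates the list.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=list.example; s=ml;
 h=from:subject:authentication-results:authentication-results; bh=...; b=...
Authentication-Results: list.example; dkim=pass header.d=author.example
Authentication-Results: bank.example; dkim=pass header.d=bank.example
From: alice@author.example
Subject: test

body
"""

def tags(value):
    """Parse a DKIM tag=value list into a dict, ignoring folding whitespace."""
    parts = re.sub(r"\s+", "", value).split(";")
    return {k.lower(): v for k, v in (p.split("=", 1) for p in parts if "=" in p)}

def classify_ar(raw, verified_domains, trusted_hops):
    """Return [(authserv_id, verdict)] per A-R header, top to bottom.
    verified_domains: d= values a real DKIM verifier accepted (assumed input;
    no cryptography is done here). trusted_hops: domains the message passed
    through that you trust to strip forged A-R headers naming themselves."""
    msg = message_from_string(raw)
    ars = [v for k, v in msg.items() if k.lower() == "authentication-results"]
    ids = [(v.split(";", 1)[0].split() or [""])[0].lower() for v in ars]
    signers = [set() for _ in ars]
    for k, v in msg.items():
        t = tags(v) if k.lower() == "dkim-signature" else {}
        d = t.get("d", "").lower()
        if d not in verified_domains:
            continue
        n = t.get("h", "").lower().split(":").count("authentication-results")
        # h= picks instances of a repeated header from the bottom upward.
        for i in range(len(ars) - 1, max(len(ars) - 1 - n, -1), -1):
            signers[i].add(d)
    verdicts = []
    for aid, by in zip(ids, signers):
        if any(aid == d or aid.endswith("." + d) for d in by):
            verdicts.append((aid, "signed"))  # vouched for by its own domain
        elif aid in trusted_hops:
            verdicts.append((aid, "trusted-hop"))  # unsigned, conditions a) and b)
        else:
            verdicts.append((aid, "untrusted"))
    return verdicts
```

With only one `authentication-results` entry in `h=`, the signature covers just the lowest A-R header, so the list's own A-R at the top would not count as signed.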
