
Re: [ietf-dkim] Broken signatures, was Why mailing lists should strip them

2010-04-28 13:55:48
On 28/Apr/10 12:58, SM wrote:
> At 11:27 27-04-10, Alessandro Vesely wrote:
>> At any rate, all I'm trying to say is that a few certified
>> fields, e.g. "From:", "To:", and "Date:", are more useful than a
>> broken signature, in most cases.
>
> Yes, they are.  RFC 4871 describes what is being covered by the DKIM
> Signature.  For the sake of the discussion, I'll overlook that.

The term "integrity" only appears in the abstract.

> It would be good to have these fields certified by limiting the DKIM
> signature to cover them only.  There are cases where we will still
> end up with a broken signature though.

Do you have specific examples? Could a "mellowed" canonicalization
cope with them?

> In a one to one exchange, let's presume that the message won't be reinjected.

(but snooping is possible)

> It's different
> for an open mailing list as any of the subscribers can reuse what
> has been certified and add their own content.  In simple terms, you
> are providing a blind certificate by only (DKIM) signing those fields.

Yes, I am, but with added constraints with respect to what they can do
using no signature at all. The "Date" constraint may result in badly
positioning those replayed messages. Wrong "To" fields make a message
suspect. In addition, spammers don't seem to be seeking the increased
likelihood of being opened that messages could get if their "From"
values were familiar to the recipients.

> We could use this blind certification for one to one exchanges.  If
> the recipient's account or any of the hops through which the message
> transits is compromised, there will be abuse.  That's already
> happening by the way.

Replay attacks? Spam is also happening. As an email user, I'm not
overly worried about spoofed signatures: They are not legally binding,
and I trust human recipients are able to distinguish fake messages in
case they occur. I'm not easing spammers' job by signing mail, even
though I'd use weaker signatures for increased resiliency. In fact,
the backscatter I get is not signed.

> I would caution anyone against using such a
> certification for mailing lists as they will be providing a means for
> anyone to affix their DKIM signature to new content.  I am not
> recommending "l=0".

The reason I'm also reluctant to recommend it is because restrictive
acceptance policies may discard such messages, as John mentioned. The
same concern also applies to possible weaker canonicalizations: would
receivers be tempted to rule them out? I think receivers should trust
the signing policies that senders devise for the messages they send.

It is true that by the 80%-20% criterion DKIM may work without l=0.
However, it breaks mailing list traffic and MIME-conformant forwarding
(compare that to SPF.) Do we aim at 100%?
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
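Added example, not part of this thread or of any ietf-dkim list software: a small Python script that applies RFC 4871 relaxed header and simple body canonicalization, signs with `h=From:To:Date` and either `l=0` or full body coverage, and then checks which downstream changes each signature survives. It makes the trade-off discussed above concrete: the `l=0` signature survives a mailing list's subject tag and footer, but it also survives having an entirely different body attached to the same signed header block (the "blind certificate"), whereas a change to `From:` is caught in both cases. The RSA-SHA256 step is replaced by HMAC-SHA256 with a constructed secret so the script needs only the standard library; that substitution, the domain `example.com`, the selector `demo`, and the message contents are all assumptions of this example.

```python
"""Added example (not from the thread): what a DKIM signature restricted to
From/To/Date with l=0 does and does not protect.  Canonicalization follows
RFC 4871 (relaxed headers, simple body, l= truncation).  The RSA signature is
replaced by HMAC-SHA256 with a constructed secret; that is an assumption of
this example, not how DKIM actually signs."""
import base64
import hashlib
import hmac
import re
from typing import List, Optional, Tuple

KEY = b"constructed-demo-secret"  # stand-in for the signer's private key
Header = Tuple[str, str]


def relaxed_header(name: str, value: str) -> bytes:
    """RFC 4871 3.4.2: lowercase name, unfold, squeeze WSP, trim, 'name:value CRLF'."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n".encode()


def simple_body(body: bytes, l: Optional[int] = None) -> bytes:
    """RFC 4871 3.4.3 plus the l= tag: drop trailing empty lines, end with CRLF,
    then keep only the first l octets (so l=0 hashes an empty string)."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body if l is None else body[:l]


def body_hash(body: bytes, l: Optional[int]) -> str:
    return base64.b64encode(hashlib.sha256(simple_body(body, l)).digest()).decode()


def _header_hash_input(headers: List[Header], h_list: List[str], dkim_value: str) -> bytes:
    """Canonicalized signed headers (last instance of each name, RFC 4871 5.4),
    followed by the DKIM-Signature field itself with the b= value emptied."""
    out, remaining = b"", list(headers)
    for name in h_list:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                out += relaxed_header(*remaining.pop(i))
                break
    stripped = re.sub(r"\bb=[^;]*", "b=", dkim_value)
    return out + relaxed_header("DKIM-Signature", stripped).rstrip(b"\r\n")


def sign(headers: List[Header], body: bytes, h_list: List[str], l: Optional[int]) -> str:
    """Return a DKIM-Signature value covering h_list and the first l octets of body."""
    tags = (f"v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=demo; "
            f"h={':'.join(h_list)}; " + (f"l={l}; " if l is not None else "")
            + f"bh={body_hash(body, l)}; b=")
    mac = hmac.new(KEY, _header_hash_input(headers, h_list, tags), hashlib.sha256).digest()
    return tags + base64.b64encode(mac).decode()


def verify(headers: List[Header], body: bytes) -> bool:
    """Recompute bh= and the header MAC from the message exactly as received."""
    sig = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    if sig is None:
        return False
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    l = int(tags["l"]) if "l" in tags else None
    if tags["bh"] != body_hash(body, l):
        return False
    others = [(n, v) for n, v in headers if n.lower() != "dkim-signature"]
    expected = hmac.new(KEY, _header_hash_input(others, tags["h"].split(":"), sig),
                        hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64decode(tags["b"]), expected)


# Constructed sample message (not a real one from the list).
ORIGINAL_HEADERS: List[Header] = [
    ("From", "Alice <alice@example.com>"),
    ("To", "list@example.org"),
    ("Date", "Wed, 28 Apr 2010 13:55:48 +0200"),
    ("Subject", "Broken signatures"),
]
ORIGINAL_BODY = b"Let's sign only From, To and Date.\r\n"
SIGNED_FIELDS = ["From", "To", "Date"]


def signed_message(l: Optional[int]) -> List[Header]:
    return [("DKIM-Signature", sign(ORIGINAL_HEADERS, ORIGINAL_BODY, SIGNED_FIELDS, l))] + ORIGINAL_HEADERS


def mailing_list_keeps_signature(l: Optional[int]) -> bool:
    """List adds a subject tag and a footer: l=0 survives, full coverage breaks."""
    hdrs = [("Subject", "[list] " + v) if n == "Subject" else (n, v) for n, v in signed_message(l)]
    return verify(hdrs, ORIGINAL_BODY + b"-- \r\nlist footer\r\n")


def replay_with_new_body_verifies(l: Optional[int]) -> bool:
    """The 'blind certificate': same signed header block, completely new body."""
    return verify(signed_message(l), b"entirely new content\r\n")


def changed_from_verifies() -> bool:
    """From: is covered by h=, so altering it breaks the signature regardless of l=."""
    hdrs = [("From", "Mallory <mallory@example.com>") if n == "From" else (n, v)
            for n, v in signed_message(0)]
    return verify(hdrs, ORIGINAL_BODY)


if __name__ == "__main__":
    print("list footer, l=0:      ", mailing_list_keeps_signature(0))      # True
    print("list footer, full body:", mailing_list_keeps_signature(None))   # False
    print("new body, l=0:         ", replay_with_new_body_verifies(0))     # True
    print("new body, full body:   ", replay_with_new_body_verifies(None))  # False
    print("changed From:          ", changed_from_verifies())              # False
```

The two `l=0` results are the same property seen from both sides: the signature is indifferent to the body, which is what lets it pass through a list unbroken and what makes it reusable on new content. A receiver that wants to honour such a signature can only treat it as a statement about the three covered header fields, never about the message text.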
