ietf-dkim

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-10 14:50:41


On 5/10/2010 12:43 PM, John R. Levine wrote:
On 5/7/2010 10:07 AM, John R. Levine wrote:
No, all it says is "we signed this mail." A signer with a good reputation
will presumably rarely sign mail where the From: address actively
misidentifies the sender, but that's a second order effect.
"misidentifies" covers quite a lot.

I used it to mean that the From: address doesn't have a reasonable
connection to any of the persons or entities that composed the message,
for some reasonable definition of reasonable.

If I send mail from bbiw.net (well, actually, sbh17.songbird.com is my
standard MSA) but label the From: field as being gmail.com, that's
reasonable to classify as "misidentifying" the From: address, since
songbird has nothing to do with gmail.

No, that's not misidentification. It may be something else, but we need
more precise terminology, preferably that avoids loaded terms like
"forgery".

Your restricted model is entirely reasonable, but it does not match what many 
others in the community appear to mean.  Note the frequent (mis-) use of the 
word "forged".  So we need to be especially careful when introducing a 
pejorative label.  In particular, we need to be careful about the likely 
understanding of that label by readers.


Operator-based signing is typically meaning that the message was
posted by an authorized user. There's absolutely no implication that
the operator checked or enforced the contents of the From: field.

That entirely depends on what you know about the signer. Two of the
largest signers, Google and Yahoo, mechanically check that the user
receives mail at the From: address. One of the smallest, me, knows his
users well enough to be confident that they won't do hostile address
fakery even though I don't enforce anything mechanically beyond adding
trace headers. I have other opinions about other signers.

Requiring that verifiers know extensive details about the signing policies for 
all of the signatures they see doesn't scale.


So here's a scenario. Let's say I run a political satire mailing list,
to which members contribute wacky messages pretending to be from famous
people like billg@microsoft.com or sarko@elysee.fr. I use some technique
not visible in the outgoing mail to ensure that the contributions are
from list members (perhaps a password that's stripped out.) Of course
the list puts a shiny new DKIM signature on all its mail. The list is
triple opt-in with a cherry on top, and the subscribers await each list
message all agog. Filter that.

I wouldn't want to.  I /like/ that sort of mail...

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
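
The following is an added illustration, not part of the original message or of any DKIM implementation: it reads the signer domain (`d=`) from a DKIM-Signature header and compares it with the From: domain, showing that in the satire-list scenario the two are unrelated even when the signature is valid. The sample message, the domains `satire-list.example` and `famous.example`, and the "related" rule (same domain or a subdomain) are assumptions made for the example; the cryptographic verification is assumed to have been done elsewhere.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list message signed by the list operator, with a
# From: address that has no connection to the signing domain.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=satire-list.example; s=list2010;
 h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Famous Person <celebrity@famous.example>
To: subscribers@satire-list.example
Subject: Weekly wackiness

Body text.
"""

def dkim_tags(header_value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Remove folding whitespace left over from header continuation lines.
            tags[name.strip()] = "".join(value.split())
    return tags

def signer_vs_author(raw_message):
    """For each signature, report the signer (d=) and its relation to From:."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(value).get("d", "").lower()
        # Assumed rule: "related" means same domain or a subdomain of d=.
        related = bool(d) and (from_domain == d or from_domain.endswith("." + d))
        results.append({"signer": d, "from_domain": from_domain, "related": related})
    return results

if __name__ == "__main__":
    for row in signer_vs_author(SAMPLE):
        print(row)
```

The output identifies who took responsibility for the message (`signer`), which is all the signature asserts; whether an unrelated From: domain matters is a separate judgment the verifier has to make about that signer.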
