On 03/Aug/10 00:49, Douglas Otis wrote:
On 7/30/10 1:05 PM, Alessandro Vesely wrote:
I propose that, when a message is destined to a list, the author
domain signs a few header fields only, not the body, and tags the
message with a (signed) list-signature-required sort of advice.
Changing signature behavior seems ill advised, as this will be more
difficult to implement. Not signing the body will also introduce
security issues.
Signing software may also take signature properties, including key,
from ad-hoc header fields. Posters just have to set it adequately
when they post to lists. MLM should bounce the submission in case
they forget, just like they do when posters pick up the wrong From.
The body will be signed by the MLM, so there is no security issue here.
Another way of achieving the same effect would be to standardize all
acceptable message changes, together with a MIME-compliant
canonicalization. We've already noted that in some cases (plain
text, poster-added subject tags, not signing "Content-Type", l=) it
may work as-is. For the general case, and for the time being, the
advice requiring the added list signature guards against replay
attacks: Verifiers must ensure that both signatures are valid, unless
they are the domain whose signature is missing.
I don't wish to stand in the way of such a goal, but such a change may
take many years to define, and at least as many to gain adoption.
Standardizing all acceptable message changes certainly will take
years. To the opposite, the joint-signature approach is
straightforward. Just like ADSP /requires/ one signature, the newly
introduced "ADSP-Required" header field /requires/ one more (with the
same meaning of /requires/.) In case I haven't been clear, here is
what the final recipient will get:
Delivered-To: someone(_at_)final(_dot_)receiver(_dot_)example
Authentication-Results: final.receiver.example
dkim=pass header(_dot_)i=(_at_)original(_dot_)example
dkim=pass header(_dot_)i=(_at_)MLM(_dot_)example
dkim-adsp=pass header(_dot_)from=author(_at_)original(_dot_)example
Received: from MLM.example by final.example with ESMTP
DKIM-Signature: d=MLM.example ... this signs body, subject, etc.
Received: from original.example by MLM.example with ESMTPS
DKIM-Signature: d=original.example; l=0 ... signs few fields
ADSP-Required: MLM.example (*this is new*; signed by original.example)
From: author(_at_)original(_dot_)example
To: post(_at_)MLM(_dot_)example
Date: Wed, 04 Aug 2010 14:22:18 +0200
Subject: [tag] This field is not signed by original.example
The only changes are the addition of the ADSP-Required header field,
and its interpretation by verifiers. This is not difficult:
After retrieving the ADSP RR, and seeing it is "all" or "discardable",
the verifier checks whether d=original.example occurs among the
successfully verified signatures. The additional step is simply to
check that a signature by MLM.example (as mentioned in ADSP-Required)
also occurs. If the latter step fails, dkim-adsp also fails, unless
the verifier _is_ MLM.example.
Isn't this simpler than TPA?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html