ietf-dkim

Re: [ietf-dkim] draft-vesely-dkim-joint-sigs

2010-09-16 13:12:03
On 16/Sep/10 18:49, Murray S. Kucherawy wrote:
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org On Behalf Of Ian Eiloart
>
>> I don't think so. The original signature should only sign the
>> DKIM-required and From headers, and perhaps enough other headers
>> to reduce utility of replay attacks. Importantly, they should
>> only sign parts that are likely to be unbroken by the MLM, thus
>> satisfying ADSP requirements. However, the recipient knows that a
>> valid signature from the MLM is required, too. Thus, the original
>> DKIM signature is only valid for messages going through the list
>> - off list replay isn't possible. On-list replay can be limited
>> by ALSO including a full DKIM signature, for the list to check
>> before redistributing.
>
> I'm worried about that third sentence.  If people are encouraged
> not to sign Subject:, for example, which is a popular display
> header field, one could spamify that field and re-send the
> message.

Yes, suppose I usually sign everything, except when the only recipient 
is ietf-dkim(_at_)mipassoc(_dot_)org: in this case I only sign From: and Date:. 
One cannot replay a modified version of the message, because of the 
2nd party joint signature.  Thus one has to remove mipassoc.org's 
signature, and then she can compose any message, constrained only by 
the original From: and Date:.  A third signed field,

   DKIM-Required: mipassoc.org

is meant to avoid exactly that.

> If you subscribe to the idea that a DKIM signature reflects a
> domain taking some responsibility for a message, I'd have a hard
> time not signing Subject: (or From:) for any reason.

Why?  DKIM seeks to forbid modifications in order to avoid replaying.

On 16/Sep/10 13:05, MH Michael Hammer (5304) wrote:
> Ian, this makes no sense to me. If a signing domain is concerned enough
> to choose to implement ADSP, why would they reduce what they are signing
> to accommodate a small percentage of their mail going to MLMs that they
> may or may not be able to identify? I don't remove the locks on my doors
> because there is a possibility that someone might break one of my
> windows.
>
> I've said it before and I'll say it again. MLMs are the tail, not the
> dog. Don't wag the dog.

Messages can also be replayed as-is, for the sole purpose of gaming the 
author domain's reputation.  DKIM can sign To: and Cc:, but not Bcc:, 
and then these are not tied to the actual recipients list.  This 
wagging is about delimiting message streams, hence it's not 
necessarily tied to MLMs only.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
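
Added example, not part of the original thread or of the draft: a receiver-side sketch of the joint-signature rule as described in the message above, where a weak author signature that covers a `DKIM-Required:` field counts only if the named domain also has a valid signature. The `SigResult` type, the `joint_check` function, the author domain `example.org` and the sample headers are assumptions constructed for illustration; ordinary DKIM verification is assumed to have run already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SigResult:
    """Outcome of ordinary DKIM verification, performed elsewhere (assumed input)."""
    domain: str        # d= tag
    signed: frozenset  # lowercased field names from the h= tag
    valid: bool        # cryptographic check passed

def joint_check(headers, results, author_domain):
    """Return (accepted, reason) for the author domain's signature.
    Semantics follow the thread's description, not normative text."""
    author = [r for r in results if r.valid and r.domain == author_domain]
    if not author:
        return False, "no valid author signature"
    required = headers.get("dkim-required")
    required = required.strip().lower() if required else None
    for sig in author:
        if required is None or "dkim-required" not in sig.signed:
            # No signed constraint: this one behaves as a plain DKIM signature.
            return True, "valid author signature without joint requirement"
        if any(r.valid and r.domain == required for r in results):
            return True, "joint signature by " + required + " present"
    return False, "signature by " + required + " missing or broken"

# Constructed sample: the author signs only From:, Date: and DKIM-Required:.
HDRS = {"from": "alice@example.org", "date": "Thu, 16 Sep 2010 13:12:03 +0200",
        "subject": "joint sigs", "dkim-required": "mipassoc.org"}
WEAK = SigResult("example.org", frozenset({"from", "date", "dkim-required"}), True)

def demo():
    """Evaluate the three delivery paths discussed in the thread."""
    mlm_fields = frozenset({"from", "subject", "date"})
    via_list = [WEAK, SigResult("mipassoc.org", mlm_fields, True)]
    stripped = [WEAK]  # list signature removed before an off-list replay
    altered = [WEAK, SigResult("mipassoc.org", mlm_fields, False)]  # Subject: changed
    return [joint_check(HDRS, r, "example.org")[0]
            for r in (via_list, stripped, altered)]

if __name__ == "__main__":
    print(demo())
```

Deleting the `DKIM-Required:` field itself is not modelled here; because the author signature covers that field, such a message would reach this check with the author result already marked invalid.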
