ietf-dkim

Re: [ietf-dkim] If DKIM would ignore [] at the beginning of the subject line

2011-03-31 11:21:58
Franck Martin wrote:
Silly question (?):

Knowing that many mailing lists add [topic] at the beginning of the
Subject line, what if DKIM was set to ignore that part when
signing/verifying?

Would it help to solve the problem of broken signature thru mailing lists?

I realize the issue would be to also detect the added footer, but if I
recall you can specify in dkim to sign only a certain length of the body
and not the whole body.

So are you proposing changes or a BCP for DKIM signing and verification?

    DKIM Signer Tips:

    - When signing messages targeted for a mailing list, you MAY
      consider using the l= tag to increase the survival
      rate of the message list distribution when a list
      footer is the only change to the body integrity.

      SECURITY NOTE: Please keep in mind there are replay
      exploit potentials with l= body length usage.

    DKIM Verifier Tips:

    - If a signature fails to validate, you MAY consider retesting
      to see if the failure was related to a subject line modified
      with [LIST-NAME] tag. Strip the tag and retest. You might
      also check if the z= tag is available with the original Subject:
      header value

But what about the other passive MLS-based mail tampering, albeit
industry-acceptable, change options possible, such as stripping
attachments, stripping HTML MIME parts?

For our MLS software DKIM integration, I followed the expired DSAP 
proposed recommendations to first make sure there are no POLICY based 
restrictions and to exclude list membership for these domains.  An 
example can be seen at this subscription page showing the ADSP 
Restriction warning:

     http://www.winserver.com/public/code/html-subscribe?list=list-dkim

Try subscribing with any ADSP restricted domain email address, such as 
my test CatInTheBox.Net domain which has a DNS ADSP TXT record 
DKIM=DISCARDABLE and you will see a subscription deny response.

But once the member is allowed, we are doing the basic list submission 
mechanics of:

     - Verify original signature(s),
     - Add verification results with A-R header(s),
     - Modify/prepare message based on list option, which include
     - Strip original signature(s),
     - Resign with signer domain defined for the list,
     - Perform Distribution, there is no expectation of
       DKIM-related failure related to ADSP policies or
       related to broken original signatures.

One of the outcomes of this was the suggestion of a new list option that
basically offers an option such as:

      [_] Keep Original Mail Integrity

I like the idea because it is really a DKIM independent concept to
offer list distribution features that do not alter list mail in any
way.  But in a new DKIM aware mail environment, this "no mail
tampering" list option can apply very well for a list with resigning
or no resigning scenarios where retaining original mail signature(s)
is desired.  The only change when resigning is the creation of a new
signature which technically should not fail a DKIM verifier.

The main point I would like to stress is that we really need to begin
to make DKIM something that is WORTH processing with well established
conditions for GOOD and BAD mail filtering and reduce all the
constant fuzzy mail designs that only continue to produce
indeterminate results.   All that means is that if a domain is really
seriously concerned about its DKIM signed mail survivability and
minimizing all failures then the domain should avoid submitting these
domain messages to "Meat Grinders" such as a MLS well known to operate
with industry-accepted mail tampering features.

Higher survivability can only begin to occur as the MLS software are
made DKIM aware.  I suggest there will continue to exist older legacy
software and most likely for many years.  But new or old, you will
always need to be aware of the list operating behavior and what it
does for DKIM directly or indirectly.

In all cases, you are just putting your domain, brand and reputation
at risk if you sign your mail with an expectation they will have a
high survivability rate.  IMV, the reason there seems to be a
continued aura of unsureness for DKIM is because we still have many
failure conditions the DKIM Signer Domain Assessment model can not
address.  It doesn't even address the NO SIGNATURE scenario.  So we
are left with limited DKIM utility where the only message to consider is
one DKIM signed by a trusted source. Anything else has an
indeterminate status.  All that means is I don't think it helps a domain
if it is going to go against this GOOD MAIL only idea by submitting
signed mail to a list expecting it to survive when there is no current
way to know what that list is going to do and the odds are very high
it will break your original integrity.  At best, it is for the author
domain to be aware that the list signer domain will take responsibility
for your copyrighted message by resigning it.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
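
Added example, not part of the original post or of any DKIM implementation: a Python sketch of the two tips in the message above, showing why an l= body hash survives an appended list footer (and therefore leaves the appended octets unauthenticated), and a diagnostic comparison of a tagged Subject against the copy recorded in z=. It assumes "simple" body canonicalization and sha256; all function names and sample values are constructed for illustration, and the Subject check is a diagnostic only, not a signature verification.

```python
import base64, hashlib, re

def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes, l=None) -> str:
    """bh= value (sha256) over the canonical body, truncated to l octets when l= is set."""
    data = canon_body_simple(body)
    return base64.b64encode(hashlib.sha256(data if l is None else data[:l]).digest()).decode()

def unsigned_tail(body: bytes, l: int) -> bytes:
    """Octets past l=: outside the signature, so a verifier should treat them as untrusted."""
    return canon_body_simple(body)[l:]

def parse_z(z: str) -> dict:
    """Parse z= (copied header fields, '|'-separated, dkim-quoted-printable) into {name: value}."""
    fields = {}
    for item in re.sub(r"\s+", "", z).split("|"):  # folding whitespace is ignored in z=
        name, _, value = item.partition(":")
        fields[name.lower()] = re.sub(r"=([0-9A-F]{2})",
                                      lambda m: chr(int(m.group(1), 16)), value)
    return fields

LIST_TAG = re.compile(r"^\s*\[[^\]\r\n]{1,64}\]\s*")  # a leading "[list-name] " only

def subject_differs_only_by_list_tag(received_subject: str, z: str) -> bool:
    """Diagnostic: does removing a leading [LIST-NAME] tag give the Subject recorded in z=?"""
    original = parse_z(z).get("subject")
    tag = LIST_TAG.match(received_subject)
    return bool(tag) and original is not None and received_subject[tag.end():] == original

# Constructed sample data (not taken from the thread).
BODY = b"Hello list,\r\nplease review the draft.\r\n"
FOOTER = b"_______________\r\nNOTE WELL: list footer\r\n"
L = len(canon_body_simple(BODY))  # the value a signer would place in l=
Z = "From:author@example.com|Subject:Draft=20review"

if __name__ == "__main__":
    print("bh survives footer with l=:", body_hash(BODY, L) == body_hash(BODY + FOOTER, L))
    print("bh survives footer without l=:", body_hash(BODY) == body_hash(BODY + FOOTER))
    print("octets not covered by the signature:", unsigned_tail(BODY + FOOTER, L))
    print("Subject changed only by list tag:",
          subject_differs_only_by_list_tag("[ietf-dkim] Draft review", Z))
```

The same property that lets the footer through applies to any octets appended after l=, which is the replay concern the SECURITY NOTE raises; a verifier can use the uncovered tail to flag or drop that content.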