Murray S. Kucherawy wrote:
I don't so much view DKIM as protecting content; rather, my current view of
its semantics aligns with the whole "taking some responsibility for"
approach. In essence, when an agent conducts verification, it is presenting
the hashed content to the signer and asking, "Did you take some
responsibility for this?" A successful verification is an implicit "yes".
And thus, a signer should only sign those parts of the header and body for
which it wants to accept responsibility. Most of the time that should be
most or all of the message, but there might be a point at which an
intermediary or relay doesn't want to do that, but rather just wants to sign
the parts it added or changed (as much as it's possible to do so).
In the MLM's case, the entire body plus any fields it added or changed seems
like the appropriate content over which to make some assertion of
responsibility.
I never did like the term Responsibility in DKIM.
Is this a technical responsibility or legal/moral/ethical responsibility?
Some may view a technical responsibility as leading to or less than a
technical requirement. The only technical responsibility I see is the
required From: binding, and I think we should continue to look at the
other binding options as helping "responsible" technical designs for
optimal and secured DKIM mail integration.
So in that vain, with all the legal/moral/ethical responsibility
connotations aside, from a technical standpoint, it seems to be very
logical for an MLM resigner to consider the inclusion of headers
directly related to it:
Authentication-Result: helps with "chain of trust" ideas
List-*: Its describes the list!
Subject: simply because a MLM may change it
Reply-To: simply because a MLM may change it
From a verifier standpoint, in my opinion. I know is responsible for
sending a message, and I know that DKIM wants me to think the signer
is responsible for "somethings" but is it really?
I was thinking of UPS as a good analogy.
Each parcel has a "standard" insurance but you can purchase extra
insurance for the entire package. But the only "standard" bit signing
insurance that comes with all parcels (messages) is the required
"From:" binding.
Now, if you do get the extra insurance and there are delivery damages,
UPS will only reimbursed you for the damages parts, not the entire
package, up to the maximum extra insurance offered. So in that way,
one may suggest, one is only responsible when damages occur. The
verifier may ask
"Who is responsible for this broken signature?"
and for valid messages it passing the buck to trust signers:
"You are now responsible for this valid DKIM message."
Its crazy :)
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html