ietf-dkim

Re: [ietf-dkim] Taking responsibility for a message

2011-04-26 04:08:23
This is the problem with this ambiguous "responsibility" term in DKIM 
and it becomes worse when blame or credit is distributed.

IMO, you can't have it both ways.

Sure, you are saying if unsigned parts are altered or removed, then the 
mail is still valid, everything is still A O K.  You don't care, you 
are not responsible for these unsigned parts and most important of 
all, the message is trusted if the signer is vouched for some way, 
even if all unsigned parts are removed or altered!

But that can only be true specifically because of the hash bound PARTS 
you signed and took responsibility for.  So in this vein, Murray's 
definition sounds logical and technically correct:

     The signer is only accepting responsibility for the authenticity
     of the specific parts it bound to the signature.

That is much clearer than saying:

     "The signer takes some responsibility for the message."

when it doesn't care for what has changed in the message payload as it 
travels.

Another perspective would be a DKIM-ready MUA display.

The MUA at ESP1 displays:

     Date: Whatever
     From:  Joe
     To:  Larry
     Subject: Bananas
     Signed by: trustme.com

then I can see your viewpoint better.  There is something about
the signer that it is claiming some responsibility for the message.

But the MUA at ESP2 displays:

     Date: Whatever
     From:  Joe  (Signed by: trustme.com. Click for Details)
     To:  Larry
     Subject: Bananas

     Signer Details:

        Voucher:  ESP2 likes Trustme.com

        Trustme.com has authenticated the following fields:

        From:
        Date:
        Subject:
        To:
        List-ID:

Then Murray is again correct.

-- 
HLS

John Levine wrote:
I don't so much view DKIM as protecting content; rather, my current view
of its semantics aligns with the whole "taking some responsibility for"
approach.

So far, so good, the signer takes some responsibility for the message.

And thus, a signer should only sign those parts of the header and
body for which it wants to accept responsibility.

Good lord, no.  Taking some responsibility for the message is not the
same as taking responsibility for some of the message.

If you do that, that pretty much requires that we put back the stuff
that says that a verifier produces an edited version of the message,
and you better be prepared to have a very, very, very long discussion
about how much of a message a signature has to include for it to be
"enough" and how to design various metrics about the relative value of
signatures that cover more or less of the message.

If you think a message is worth signing, sign it.  If you don't,
don't.  Those are the only two options. When a list manager's domain
signs a message, it's not asserting anything about the literary merit
of the message, it's just saying the message satisfied whatever criteria
it uses to select and pass along the messages it signs.  (Yes, this is
fairly tautological.)

The reason you might not include part of a message in the signature is
that you don't care if someone changes it.  I don't sign Received: or
X-Mailer: headers, because changing or deleting them is harmless.  I
do sign nearly everything else.  This also suggests why the l= option
is not useful, since it says "I don't care if other people add stuff
to the end of the message."

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
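
Added example, not part of the original thread or of any DKIM implementation: a Python sketch of the "Signer Details" view described for ESP2, listing which header fields a signature's h= tag binds, which present fields it leaves unsigned, and whether l= limits body coverage. The sample message, selector and bh=/b= placeholders are constructed, and the code only reads the tags; it does not verify the signature.

```python
import re
from email import message_from_string

# Constructed sample message; the selector and the bh=/b= values are placeholders.
SAMPLE = """\
Received: from mx.example.net by esp2.example.org; Tue, 26 Apr 2011 04:00:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=trustme.com;
 s=sel1; l=120; h=From:Date:Subject:To:List-ID;
 bh=PLACEHOLDER; b=PLACEHOLDER
Date: Tue, 26 Apr 2011 04:00:00 -0400
From: Joe <joe@trustme.com>
To: Larry <larry@example.org>
Subject: Bananas
List-ID: <fruit.example.org>
X-Mailer: ExampleMailer 1.0

Body text.
"""

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def coverage(raw):
    """Report what each signature binds: signer, signed/unsigned fields, body limit."""
    msg = message_from_string(raw)
    present = {k.lower() for k in msg.keys()} - {"dkim-signature"}
    reports = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        signed = {h.lower() for h in tags.get("h", "").split(":") if h}
        reports.append({
            "signer": tags.get("d"),
            "signed": sorted(signed & present),
            "unsigned": sorted(present - signed),
            # l= means bytes past this count can be appended without breaking the signature
            "body_limit": int(tags["l"]) if "l" in tags else None,
        })
    return reports

if __name__ == "__main__":
    for r in coverage(SAMPLE):
        print(r)
```

On the constructed sample, Received: and X-Mailer: come out as unsigned, matching the headers the quoted message says it does not sign, and the l=120 tag is surfaced as a body limit.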




