On May 26, 2011, at 3:24 PM, Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Thursday, May 26, 2011 3:20 PM
To: DKIM List
Subject: Re: [ietf-dkim] MLMs and signatures again
That's relying on an awful lot of vaporware in the MUA, orthogonal to
any sort of authentication. I don't think any MUAs really track sender
reputation in any way[1].
It's not vapourware in general. Such feedback systems exist, and could
easily be tied to DKIM domains.
I don't think they exist at the MUA level, keyed on senders. I'd
be interested to hear about them if they do.
(There are bunches of end-user visible reputation systems that
have UI in the MUA, of course, but they don't track reputation
on a per-end-user basis, rather they feed end-user perception
into a shared reputation system).
Well, d= won't identify the original sender at all, in the case of
individuals sending to a mailing list. It'll identify the domain of
their ISP, nothing more.
Well, right. You'd be basing decisions on validated DKIM "d=" values.
Which isn't good enough to differentiate between cleo(_at_)aol(_dot_)com and
hector(_at_)aol(_dot_)com. If Hector starts forging his From: address to pretend
to be Cleo, DKIM doesn't help me at all. If he doesn't then I'm probably
fine just keying on Cleo's From: field.
Tunneling DKIM signatures through MLMs doesn't seem to be the missing
bit of technology needed to do this.
If the MLM signs any email it sends then you have some level of trust
in any information it annotates the mail with.
Yes, and A-R provides a mechanism for doing that as well. It's mentioned in
the MLM draft too.
*If* it were possible to identify the original email author in some way
(S/MIME, PGP, some private shared secret approach....) the MLM could
annotate the mail with that information, and you could trust it enough
to filter on. If the MLM doesn't have enough information to identify
the original email author, it's unlikely you do either - whether
there's a second DKIM signature or not.
Why the last part of that?
It's going to be a rare case where the final recipient can reliably authenticate
the original author of the email, while the MLM can't. (There are exceptions -
but if a cooperating group of people are using untrusted
infrastructure to communicate, they're not going to be relying on DKIM,
rather they're going to be living on paranoia, cigarettes and OpenGPG).
Normally, if you can authenticate the original author then the MLM can do
so just as well, so you can reliably route email based on metadata added
by the MLM, rather than having to independently authenticate the original
author yourself.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html