On May 30, 2011, at 3:23 PM, Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Monday, May 30, 2011 9:14 AM
To: DKIM List
Subject: Re: [ietf-dkim] New canonicalizations
The most obvious thing that MLMs do that invalidate signatures are 1.
append content to the body and 2. prepend content to the subject line.
Any approach that allows me to replay messages while making those
changes seems to open the door to abuse.
Agree on all counts. And I talked to the Mailman people, for example, about
a modified header canonicalization that deals with Subject: tagging, and they
also agreed it wouldn't help that much since that's not the most common
change made that would invalidate the signatures.
Yup, that too.
So as far as I can tell, we're at a point where lots of people think they
want MLM survivability of signatures,
Maybe. If you can't name ten, there aren't lots.
or at least the chain-of-trust capability, but no proof that the increased
risk is worth the increased gain.
Chain of trust is a somewhat different thing, and could likely be implemented
with little, if any, increased risk in the case where the MLM is trusted (for
some meaning of the word that probably boils down to manual whitelist or
positive reputation of the MLM operator) by the recipient.
The MLM signing the re-sent message, including an A-R header or some slight
variant, is the obvious way. I don't think there's much gain to be had there,
but it can be done with little effort and little risk.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html