ietf-mailsig

RE: Ramblings on RFC2822 signatures.

2004-09-19 07:46:46

On Sun, 2004-09-19 at 07:03 -0500, Seth Goodman wrote:
> From: David Woodhouse
> Sent: Sunday, September 19, 2004 3:00 AM

>> I disagree. That reduces it to a hop-by-hop scheme again. In order to
>> determine the probability that this message really did come from me,
>> you'd have to ponder how much you trust the list server to have actually
>> checked.

> Technically, you are of course correct.  For the particular case of mailing
> lists, I never considered it terribly important to have strong validation of
> originating identity.  It's just list traffic, after all.

I consider it _more_ important to authenticate list traffic. Perhaps not
to avoid spam, but because saying something in _public_ is far more
important than saying it in private. It's _more_ important for people to
know that it really was you, and to know precisely what you said.

>>> The idea that all MUAs would have to change to deal with displaying
>>> multiple signed parts in different colors, as well as noting parts whose
>>> signature doesn't validate does not bode well for adoption.

>> That's a purely optional optimisation. If any scheme _required_ such a
>> thing to be implemented by all recipients, the scheme would of course be
>> doomed.

> I knew you felt that way, I was playing devil's advocate.  Since no MUA
> today would know how to deal with the multiple signatures anyway, it would
> have to be an MTA process and the message would either be accepted or
> rejected.  The end user would have no way of knowing who signed what, only
> that the MTA figured out that everything was legitimate.  My question is
> how valuable are the multiple signatures if the end user has no way of
> knowing who really added and signed what parts?

But the end user _can_ know who signed what, if they happen to use an
MUA which supports that, and if they care.

If an MUA did this it should probably use the signature corresponding to
the From: header by default, and should need to be _asked_ for any other
signature.

> You really know how to hurt a guy.  Of course I don't have anything against
> forwarding.  I _do_ have a beef with anyone who changes message content, as
> opposed to headers, in transit.  Since I've never used any of the free
> services, I am unaware of forwarders that actually change message content.
> While I am aware that junk is often added at both ends of the link, I was
> unaware of forwarders who actually do that.  If that's what current practice
> is, I believe you.  Can S/MIME or the attachment signature of PGP survive
> this kind of mangling?  I would guess not.

Current practice for many mailing lists, yes. Not really for
'forwarders'.

And no, in general PGP/MIME and S/MIME don't survive. If they _did_, we
could just start publishing some kind of record which says "All mail
from dwmw2(_at_)infradead(_dot_)org will be GPG-signed", and give recipients the
chance to reject for lack of signature. But that would be utterly broken
in the real world today, just like certain other schemes we've
discussed :)

-- 
dwmw2
