At 10:54 PM 10/27/2004 +0100, Tony Finch wrote:
> On Wed, 27 Oct 2004, Rand Wacker wrote:
> > in the long run, if the mailing list changes the message it should
> > re-sign.
> In the short run, requiring that mailing lists do this in order for
> verification to work is a serious deployment problem.

It will take some amount of time for mailing lists to begin checking signatures
and signing; if that's too long people may give up on message signatures. We
should make some attempt to get message signing to work with at least some
mailing lists to make it more effective before the lists upgrade. IIM has two
mechanisms for this: Body Length Count (so a footer can be appended to the
message) and header copying (so we can deal with modified subject lines, for
example). These are based on our observations of common list behaviors.
We are not trying to make every mailing list work without modification to
re-sign. But making some lists work through simple mechanisms like this seems
like a small amount of effort well spent.

> There's no inherent reason that a message shouldn't have signatures both
> from the original sender and the mailing list resender, or either, or
> neither.

I agree, but this is a different issue entirely. In the absence of mailing
lists that re-sign, the original sender signature will be the only one
available.
I consider a valid signature that is based on the 2822 From address to be more
valuable than another one applied later because it signs the address that I
will be looking at in my MUA; also it's a more end-to-end assertion. I want to
make sure that an attacker isn't forging a message and then signing it on
behalf of a non-existent mailing list in a throwaway domain. If I accept
messages that are signed but from unknown parties, this might otherwise be
possible.
But others are interested in white-listing the address of the mailing list
itself. Taken with the previous paragraph, perhaps that is an argument for
multiple signatures.

-Jim
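The two IIM mechanisms named in the message, Body Length Count and header copying, as an added example that is not part of the original message or of the IIM specification. The wire format is constructed for illustration: `sign` records the canonical body length at signing time and a copy of the signed header values, and `verify` checks only that signed range, then reports which live headers differ from the copies and how many body bytes sit beyond the signed length. An HMAC with a constructed key stands in for the domain-key signature so the example runs offline; the message, list footer and rewritten Subject are likewise constructed.

```python
import hashlib
import hmac

# Constructed demo key. A real signer uses a domain public key; an HMAC stands
# in here so the example runs without key management.
DEMO_KEY = b"constructed-demo-key"


def canonical_body(body):
    """Normalize line endings to CRLF so transit rewriting does not change the hash."""
    return body.replace("\r\n", "\n").replace("\n", "\r\n").encode("utf-8")


def _digest(header_values, body_bytes):
    """Hash the selected header values (lower-cased name, stripped value), then the body bytes."""
    hasher = hashlib.sha256()
    for name, value in header_values.items():
        hasher.update(f"{name.lower()}:{value.strip()}\r\n".encode("utf-8"))
    hasher.update(body_bytes)
    return hasher.digest()


def sign(headers, body, signed_headers):
    """Produce a signature record with a Body Length Count ('l') and copied headers ('copy').

    'l' is the canonical body length at signing time, so anything appended later
    (a list footer) falls outside the signed range. 'copy' carries the original
    values of the signed headers so a verifier can check them even after a list
    has rewritten the live Subject line.
    """
    cbody = canonical_body(body)
    copied = {name: headers.get(name, "") for name in signed_headers}
    tag = hmac.new(DEMO_KEY, _digest(copied, cbody), hashlib.sha256).hexdigest()
    return {"l": len(cbody), "h": list(signed_headers), "copy": copied, "sig": tag}


def verify(headers, body, sig):
    """Verify a signature against a possibly list-modified message.

    Returns a dict with:
      valid            - whether the signed range (copied headers + first 'l' body bytes) checks out
      modified_headers - signed headers whose live value differs from the copied original
      unsigned_tail    - body text beyond 'l', about which the signature says nothing
    """
    cbody = canonical_body(body)
    length = sig["l"]
    if length > len(cbody):
        # Body shorter than the signed length: signed content was truncated, so fail closed.
        return {"valid": False, "modified_headers": [], "unsigned_tail": ""}
    expected = hmac.new(DEMO_KEY, _digest(sig["copy"], cbody[:length]), hashlib.sha256).hexdigest()
    valid = hmac.compare_digest(expected, sig["sig"])
    modified = [
        name for name in sig["h"]
        if headers.get(name, "").strip() != sig["copy"][name].strip()
    ]
    return {
        "valid": valid,
        "modified_headers": modified,
        "unsigned_tail": cbody[length:].decode("utf-8"),
    }


if __name__ == "__main__":
    # Constructed message as the author sent it.
    original_headers = {"From": "alice@example.com", "Subject": "Hello"}
    original_body = "Hi Bob,\nthanks for the note.\n"
    sig = sign(original_headers, original_body, ["From", "Subject"])

    # Constructed list behaviour: Subject tagged, footer appended, Sender added.
    list_headers = {"From": "alice@example.com", "Subject": "[list] Hello",
                    "Sender": "list@example.org"}
    list_body = original_body + "--\nList footer\n"
    print(verify(list_headers, list_body, sig))
    # The signed range still verifies; Subject is reported as modified and the
    # footer shows up as the unsigned tail.

    # Edit inside the signed range: verification fails.
    print(verify(original_headers, "Hi Bob,\nthanks for the cash.\n", sig))
```

The point for a verifier is what `unsigned_tail` represents: the signature covers exactly the first `l` bytes, so a footer the list appended is as unauthenticated as anything else an intermediary could have added, and a policy or display layer should not extend the signer's assertion to it. Likewise `modified_headers` tells the verifier that the Subject the user sees in the MUA is not the one the signer vouched for, even though the signature itself is intact.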