ietf-mailsig

Re: Mailing lists and signatures (was: Re: CircleID on DomainKeys)

2004-10-28 08:52:38

At 10:03 AM 10/28/2004 +0100, David Woodhouse wrote:
> In that case, surely William's comparison matrix is inaccurate? It says:
>
> "Signature is not affected if additional text is added to email body"
> IIM: "No (signature would not verify)".

Yes; William's matrix reflects the -00 draft; I am remiss on getting changes to
him to make it reflect the -01 draft.  I'll try to get that done today.


> Due in part to my lack of time, I'd discarded IIM as a serious proposal
> for that reason alone, and hadn't read the draft in detail. Surviving
> mailing lists is one of the _most_ important criteria in my opinion.
> I'll try to find some time to read it now.
>
> On the other hand it's also a fundamental requirement that a scheme
> should have a way to advertise to the world that all mail from a given
> address will be signed. Without that you can't just reject unsigned mail
> up-front. And according to William's table, IIM lacks that too.

Also added in the -01 draft, and not in his matrix yet.


>> We are not trying to make every mailing list work without modification to
>> re-sign.  But making some lists work through simple mechanisms like this
>> seems like a small amount of effort well spent.
>
> Yeah -- making _every_ mailing list work would be an impossible task.
> But most mailing lists don't do much to the mail as it passes through,
> and what they do normally do is easy enough to deal with. It would be
> negligent for us not to bother, for no better reason than "oh, the
> complexity of it".
>
>>> There's no inherent reason that a message shouldn't have signatures both
>>> from the original sender and the mailing list resender, or either, or
>>> neither.
>>
>> I agree, but this is a different issue entirely.  In the absence of
>> mailing lists that re-sign, the original sender signature will be the
>> only one available.
>
> Why so? I see lots of mail with both From: and Resent-From: headers, and
> why should I not want to verify that the author really did write the
> message?

What I meant was that in the absence of mailing list support for signing
messages, there's only one signature available anyway:  the one associated with
the original sender.  The multiple signature issue has more to do with the way
the re-signing happens (does it strip off the previous signature?) when the
mailing list does get upgraded.


>> I consider a valid signature that is based on the 2822 From address to
>> be more valuable than another one applied later because it signs the
>> address that I will be looking at in my MUA; also it's a more end-to-
>> end assertion.
>
> That's true -- I agree. My point was that there's a trade-off to be had.
> We can have something really simple, or we can accept a modicum more
> complexity in order to make it more useful.
>
> We do have to be aware that some MUAs won't actually display the address
> in the From: header either, mind you -- but users of really broken MUAs
> are always going to have problems.

Right.  Although we're asking for an uphill battle trying to agree on what
constitutes a "really broken" MUA.  I have had people tell me I'm using one
(Eudora 4.3), because it can't deal with multiple MIME parts inside a
multipart/signed wrapper.


>> I want to make sure that an attacker isn't forging a message and
>> then signing it on behalf of a non-existent mailing list in a
>> throwaway domain.  If I accept messages that are signed but from
>> unknown parties, this might otherwise be possible.
>
> I want that too. That's why I want my own signature on a mail to survive
> even if a mailing list resends it and signs it for itself, or if someone
> else resubmits it with Resent-* headers to the mail system.

Another problem I have is that I hate to throw potentially useful information
away.

-Jim
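The following is an added worked example, not code from this thread, from the IIM draft, or from either participant. It models the two mechanics argued over above: an author signature that survives a mailing-list footer because it covers only a declared number of body bytes, and a list that adds its own signature alongside the author's rather than stripping it, with a verifier that still requires the signature keyed to the 2822 From: domain so that a valid signature from an attacker's throwaway domain does not win acceptance by itself. Everything specific is assumed for illustration: HMAC with per-domain secrets stands in for public-key signing, the X-Sig header and its d=/h=/l=/b= tags are patterned loosely on later DKIM rather than on IIM, and the domains, addresses and message are constructed.

```python
"""Added example; not code from the thread or the IIM draft.
HMAC with per-domain secrets stands in for public-key signatures.  The
X-Sig header and its d=/h=/l=/b= tags are assumptions loosely patterned
on later DKIM, not on IIM.  Domains, addresses and the message are made up.
"""
import hashlib
import hmac

# Constructed per-domain secrets, standing in for keys published in DNS.
# The attacker controls a throwaway domain and therefore has a key too.
KEYS = {
    "example.com": b"author-secret",
    "lists.example.org": b"list-secret",
    "throwaway.example": b"attacker-secret",
}
SIG_HEADER = "X-Sig"

# Constructed sample message from the author.
ORIGINAL = ("From: David <david@example.com>\nSubject: test\n"
            "To: list@lists.example.org\n\nHello, list.\n")


def parse(msg):
    """Split a message into [(name, value), ...] headers and a body string."""
    head, _, body = msg.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers, body


def serialize(headers, body):
    return "\n".join(f"{n}: {v}" for n, v in headers) + "\n\n" + body


def canonical(headers, body, signed_names, length):
    """Bytes a signature covers: the first instance of each named header plus
    the first `length` body bytes, so a footer appended later is outside."""
    picked = []
    for want in signed_names:
        for name, value in headers:
            if name.lower() == want.lower():
                picked.append(f"{want.lower()}:{value}")
                break
    return ("\n".join(picked) + "\n").encode() + body.encode()[:length]


def sign(msg, domain, signed_names=("From", "Subject")):
    """Prepend a signature keyed to `domain` covering the body as it is now."""
    headers, body = parse(msg)
    length = len(body.encode())
    mac = hmac.new(KEYS[domain], canonical(headers, body, signed_names, length),
                   hashlib.sha256).hexdigest()
    tag = f"d={domain}; h={':'.join(signed_names)}; l={length}; b={mac}"
    return serialize([(SIG_HEADER, tag)] + headers, body)


def verify_all(msg):
    """Check every signature present; returns {signing domain: verified?}."""
    headers, body = parse(msg)
    results = {}
    for name, value in headers:
        if name != SIG_HEADER:
            continue
        fields = dict(p.strip().split("=", 1) for p in value.split(";") if p.strip())
        key = KEYS.get(fields["d"])
        if key is None:                      # signer we know nothing about
            results[fields["d"]] = False
            continue
        covered = canonical(headers, body, fields["h"].split(":"), int(fields["l"]))
        expected = hmac.new(key, covered, hashlib.sha256).hexdigest()
        results[fields["d"]] = hmac.compare_digest(expected, fields["b"])
    return results


def from_domain(msg):
    for name, value in parse(msg)[0]:
        if name.lower() == "from":
            return value.rsplit("@", 1)[1].strip(">")
    return None


def accept(msg):
    """Policy: require a verified signature keyed to the 2822 From: domain.
    Other valid signatures (a list's, an attacker's throwaway domain) are
    recorded for later use but do not by themselves win acceptance."""
    return verify_all(msg).get(from_domain(msg), False)


def mailing_list_resend(msg, footer="--\nlist footer\n"):
    """A list that appends a footer, adds Resent-From:, and signs for itself
    without stripping the author's signature."""
    headers, body = parse(msg)
    headers = [("Resent-From", "list@lists.example.org")] + headers
    return sign(serialize(headers, body + footer), "lists.example.org",
                ("From", "Subject", "Resent-From"))


if __name__ == "__main__":
    signed = sign(ORIGINAL, "example.com")
    resent = mailing_list_resend(signed)
    print("author only:", verify_all(signed), accept(signed))
    print("via list   :", verify_all(resent), accept(resent))
    print("tampered   :", verify_all(resent.replace("Hello, list.", "Hello, lost.")))
    print("forged From:", accept(sign(ORIGINAL, "throwaway.example")))
```

Run as a script it prints four cases: the author-only message verifies; after the list appends its footer and signs, both signatures verify because the author's `l=` length excludes the footer while the list's covers the whole body; altering a byte inside the covered region breaks both; and a message with a forged From: that carries only a valid throwaway-domain signature is refused by `accept`, which is the "signed but from unknown parties" case above. Without the length tag (the -00 behaviour in William's matrix) the second case would fail, since the footer would change the hashed body.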

