ietf-mailsig
[Top] [All Lists]

Re: mailing list software, was What does the mailsig mechanism mean?

2004-11-03 20:55:41

At 08:12 AM 11/2/2004 -0500, John R Levine wrote:

Because then I could take the message signed by the mailing list and
replay it to a whole lot of people that aren't subscribed to the
mailing list, as well.

Indeed, you could.  So what?

Oh, pardon my excitement...it's just a new twist I hadn't explicitly thought 
about before.


The main point of any sender authentication scheme is to identify who to
blame for any particular message.  If the mail really came from the
mailing list, the list should sign it.  People can draw their own
conclusions about the merits of mail the list sends.

The mailing list needs to be careful of what it signs, because a wide replay of 
a single message relayed through the list could be quite damaging to the list's 
reputation, once reputation systems come into use.  And it could be quite 
difficult to track down the originator of the message to the list, unlike the 
"send a message to an accomplice who replays it" attack described in IIM 
section 9.1.4.


We can't know all of the ways that people set up their mailing list
software.  There might be other ways that list software weeds out nasty
mail, e.g., put a password in incoming mail, or only accept mail from the
local LAN.  I don't think it's productive to try to create rules about
when senders are supposed to sign their mail and when they aren't.

Agreed.  The mechanism used by the list to decide what it accepts could be 
anything.

-Jim


<Prev in Thread] Current Thread [Next in Thread>