ietf-mailsig

RE: Web pages for MASS effort

2004-11-22 09:50:52

From: Dave Crocker [mailto:dhc(_at_)dcrocker(_dot_)net]
Sent: Sunday, November 21, 2004 9:18 AM
To: Robert Barclay; 'ietf-mailsig'
Subject: RE: Web pages for MASS effort

Robert,

On Fri, 19 Nov 2004 12:51:27 -0700, Robert Barclay wrote:
  Your note at the bottom about the Sender semantics mentions Resent-
  Sender and Resent-From. This is mostly for my own edification but
  if you are changing the content of a message in a way that would
  break the signature on the From is this a case where use of either
  of the Resent headers would be accurate? It seems to me that in
  this case you are a new author and thus a new From or Sender.


Thank you for raising this.  I think it is a significant issue, which
is why I put the added comment at the end of the footnote.  And your
question is for more than education.  This is an issue we need to
resolve.

The more discussion there is about signature requirements involving
transit accountability -- ie, the MASS goal -- the more I think we
need to focus on the role of the actor who "creates" the total current
message.  That's the RFC2822.Sender or RFC2822.Resent-sender.  (As the
footnote notes, when there is no 'sender' field present, the 'from'
fields hold a virtual copy of it.)

While in many cases these might be identical, my interest is less in
transfer service introduction than in content authorization. The basic
question I want to answer is "was this content authorized by who it
appears to have been". So, in an effort to get at this answer, the
universe of headers worth evaluation are the headers applied when
content is altered. My understanding of the intended use of resent
headers (which may be entirely wrong) is that they are intended for
cases where a previously authored message is reintroduced into the
system. If you change the original message contents, you are no longer
resending; you are authoring, and thus your address belongs in the
From: and Sender header.


Although having to look for two fields is more complicated than 1, I
think that 'latest poster into the transfer service' is the simplest
concept.  They are, after all, the entity that should be accountable
for the current transfer of the message by the end-to-end handling
service.

How do folks suggest we resolve this?

I am not sure. Each time a thread has been created to answer this
specific question it has almost immediately jumped off to other topics
before there was an answer to this question.




d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker  a t ...
www.brandenburg.com
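
The field-selection rule discussed in this thread ('latest poster into the transfer service': Resent-Sender or Resent-From when present, otherwise Sender, with From standing in when Sender is absent), as an added Python example that is not part of the original message. The function name and sample messages are constructed, and treating the topmost run of Resent-* fields as the latest block is an assumption based on RFC 2822's rule that resent fields are prepended.

```python
from email import message_from_string
from email.utils import parseaddr

def latest_poster(raw):
    """Return (field, address) naming the latest poster of a message."""
    msg = message_from_string(raw)
    block = {}
    # RFC 2822 3.6.6: each resend prepends its Resent-* fields, so the
    # topmost run of Resent-* fields is the most recent block.
    # Assumption: a block ends at the first non-Resent field (typically
    # Received) or at a repeated Resent-* field name.
    for name, value in msg.items():
        key = name.lower()
        if key.startswith("resent-"):
            if key in block:
                break
            block[key] = value
        elif block:
            break
    for key in ("resent-sender", "resent-from"):
        if key in block:
            return key, parseaddr(block[key])[1]
    # No resend: Sender, or From acting as its virtual copy.
    for key in ("sender", "from"):
        if msg[key]:
            return key, parseaddr(msg[key])[1]
    return None, ""

# Constructed sample messages (not from the thread).
PLAIN = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
WITH_SENDER = "Sender: desk@example.org\n" + PLAIN
RESENT_TWICE = (
    "Received: from mx.example.com by mail.example.org\n"
    "Resent-From: carol@example.com\n"
    "Resent-Date: Mon, 22 Nov 2004 09:59:00 -0700\n"
    "Received: from mx.example.net by mx.example.com\n"
    "Resent-Sender: bob@example.net\n"
    "Resent-From: team@example.net\n"
    "Resent-Date: Sun, 21 Nov 2004 09:00:00 -0700\n"
    + PLAIN
)

if __name__ == "__main__":
    for sample in (PLAIN, WITH_SENDER, RESENT_TWICE):
        print(latest_poster(sample))
```

In the twice-resent sample, a plain first-match lookup of Resent-Sender would return the older block's address; scoping the lookup to the topmost block returns the most recent resender instead.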




