As for the "time machine" aspect for all of this, I'm much more
concerned about the little mailing lists that haven't been upgraded in
ages than I am about well-established and well-maintained mailing list
operators. One thing we're trying to do here is to disenfranchise as
few people as possible, even those that aren't professional mailing list
operators.
I subscribe to lots of little mailing lists running on dusty old servers.
The amount of forged mail they forward is, within a gnat's eyelash, none.
They all verify the senders somehow, and the From: addresses are all real.
Could you give a concrete example of a problem with some actual existing
mailing lists that aren't tractable now but that forwarded signatures
would solve?
This isn't in C, but here is what I would do.
[ four point canonicalizing scheme snipped ]
This scheme won't work on the yahoo groups example I posted yesterday.
nor would it work on mail passing through my stock majordomo2 server.
One attack on this whole thing is for the attacker to pretend to be a
mailing list, and just sign a bunch of spam/phishing messages on behalf
of a throwaway address. The message looks legitimate and signed, but
it's not signed by anyone trustworthy. This puts a very strong
dependency on reputation and accreditation services. ...
How is this any different from a bunch of signed spam coming from any
other address? I don't know of any mail filters that say "oh, this looks
like a mailing list so we'll give it a pass." Any signature scheme
depends on whitelists and blacklists to decide whose mail to accept.
Perhaps this is the "illusory" aspect described above, but IIM
signatures as they are currently defined are surviving a number of
mailing lists, including ASRG, dk-milter-discuss(_at_)sourceforge(_dot_)net,
ietf-mailsig, ietf-mxcomp, and Yahoo! Groups.
Hold on a minute. IIM signatures most certainly do not pass through yahoo
groups with any reliability. Didn't you see the example I posted
yesterday?
messages, messages with S/MIME signatures and the like, but the vast
majority of messages on the mailing lists I subscribe to are plain text
as well.
I believe you, but I think the problem here is that the lists that you
(and probably I) subscribe to are extremely atypical of both current list
mail and mail in general. For starters, the vast majority of mail that
typical mail users send and receive is now HTML mail. IIM crashes and
burns as soon as someone starts manipulating the HTML in messages, which
list managers very commonly do.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.