From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of John Levine
If it were my ISP, I'd just cancel the account. I'd only cancel a key
if I found that it had leaked and unknown parties were using it to
sign mail. The signature means that the original sender and recipient
addresses are real, if someone wants to further pursue the miscreant.
The most that a signature can do is to identify the responsible party.
There's no point in adding cruft that attempts to go beyond that.
Given this why would any domain want their signatures to survive
transformations by mailing list message that their users send to, with which
they have no relationship and over which they have no control. I know for
most of the companies I work with they are extremely conservative (for good
legal reason) in what they are willing to accept responsibility for.
It seems to me that the possibility that a domain may be accepting
responsibility for a message that has undergone an arbitrary list of changes
after it has left their control is likely to impede adoption of a mailsig
mechanism by exactly the group of people whose adoption would be most
valuable (namely high value spoofing targets).
I know that when I go to speak to financial service companies I work with
that, to convince them to adopt any of these mechanisms it must meet the
following need
1) It allows them to show the validity of the use of their domain by anyone
they allow to send on their behalf (and any large company will have a number
of people with whom they have contractual relationships validly sending on
their behalf)
2) Accept responsibility (and the concomitant reputation affects) only for
the messages sent by those parties.
If there are cases where a message may be altered by someone other than
those people over whom they can exercise control (either their employees or
people with whom they have a direct relationship) then to get them to adopt
mailsig the list of those transformations will need to be pretty limited and
it will be necessary to be able to enumerate them to the non-technical
managers of those companies in a way that makes it clear that adopting
mailsig does not create new risks for them. He argument that this my create
some risks for their reputation in some areas, but reduces their risk in
others may carry some weight but in my experience is a pretty hard sell.
This is one of the underlying reasons that I still believe that mailing
lists are themselves an end point for mailsig (and most other purposes).
Suppose this list started adding a signature that I found offensive. If I
complained about the message John sent due to that signature would it be
reasonable to assign responsibility for that to iecc.com?
Robert