ietf-mailsig

Most recent sender.

2005-01-14 10:17:43

OK, let us assume that we've ditched the idea of having a signature on
the From: header which can survive mailing lists, and we're only going
to attempt to authenticate the 'most recent sender'.

Let us further assume that we're not just going to use the RFC2821 MAIL
FROM address, but we're going to try to fish it out of the RFC2822
headers.

The problem here is that we can't reliably _tell_ which of the Sender:
and Resent-Sender: addresses is the most recent. The message may have
been resent to a mailing list, and the Sender: is added by the mailing
list and is the most recent. Or the message may have been resent _after_
it travelled through the mailing list, and the Resent-Sender: is most
recent. 

(I'm assuming the rule about using the contents of the From: header if
Sender: is absent, and likewise for Resent-{From:,Sender:})

I'm not overly happy with the idea that we'd have to look for signatures
from both, and give the benefit of the doubt -- if the mail would be
considered valid if _either_ of the Sender: or Resent-Sender: was most
recent, then we'd have to accept it. 

I was thinking that we could make the signer include sufficient
information that we can _tell_ which is the most recent sender. We could
include the Sender: _and_ Resent-Sender: addresses in the signature, and
then if either is changed (by a non-MASS-aware mailing list or a
resender), we know that the changed address is _newer_ than the signed
address. Thus, we can _tell_ which is the most recent sender, and we
don't have to be quite so fuzzy about it.

Unfortunately, this doesn't work properly when a message is received by
a mailing list (Sender: owner-ietf-mailsig(_at_)imc(_dot_)org), then resent by me
(Resent-Sender: dwmw2(_at_)infradead(_dot_)org) back to the same mailing list. The
Sender: header isn't actually _changed_ in that case, so my address
would be considered the 'most recent sender' and the signature would
fail.

Can anyone see a better way of reliably determining which is the 'most
recent sender'? One option would be for the signing party to _remove_
the Sender: header if signing a Resent-Sender: address. I'm not sure I
like that much though. Better options?

-- 
dwmw2
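
The comparison proposed in the post above, sketched as an added example (it is not part of the original message, nor code from any MASS implementation). All addresses are constructed, and the `snapshot` dict is an assumed stand-in for whatever the signature would actually carry; the last sample shows the resend-to-the-same-list case that the scheme misjudges.

```python
from email import message_from_string
from email.utils import parseaddr

def effective(msg, sender_hdr, from_hdr):
    """Sender-style address, falling back to the matching From-style header."""
    value = msg.get(sender_hdr) or msg.get(from_hdr)
    return parseaddr(value)[1].lower() if value else None

def snapshot(msg):
    """Assumed signed data: both effective sender addresses at signing time."""
    return {"sender": effective(msg, "Sender", "From"),
            "resent": effective(msg, "Resent-Sender", "Resent-From")}

def most_recent_sender(msg, signed):
    """Treat whichever address differs from the signed snapshot as the newer one."""
    now = snapshot(msg)
    sender_changed = now["sender"] != signed["sender"]
    resent_changed = now["resent"] != signed["resent"]
    if sender_changed and resent_changed:
        return ("ambiguous", None)
    if sender_changed:
        return ("sender", now["sender"])
    if resent_changed:
        return ("resent-sender", now["resent"])
    return ("signer", None)  # nothing changed since signing

def parse(*headers):
    """Build a message object from header lines (hypothetical test helper)."""
    return message_from_string("\n".join(headers) + "\n\nbody\n")

# Constructed sample messages (all addresses are made up).
AUTHOR_SIGNED = parse("From: author@author.example")
VIA_LIST = parse("From: author@author.example",
                 "Sender: list-owner@list.example")
# Resent by a third party after the list. If it goes back to the SAME list,
# the list rewrites Sender: to the value it already had, so the headers
# look exactly like this too, although the list is then the latest hop.
RESENT = parse("Resent-Sender: resender@resender.example",
               "From: author@author.example",
               "Sender: list-owner@list.example")

if __name__ == "__main__":
    print(most_recent_sender(VIA_LIST, snapshot(AUTHOR_SIGNED)))
    print(most_recent_sender(RESENT, snapshot(VIA_LIST)))
```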

