On July 28, 2005 at 17:58, "Arvel Hathcock" wrote:
Humm... interesting idea. This would make it the responsibility of the
signer to do the policy checking but it seems that this move wouldn't change
verifier requirements. The verifier can't assume that a "3rd party"
signature which it finds in a message was placed there by a signer that
played by the rules and did an SSP check first. Since this is the case,
might as well leave the responsibility on the verifier IMO. In other words,
since the verifier can't trust the signer and must do an SSP anyway why have
the signer go to this trouble? What do you think?
Because it is good behavior. For example, a mailing list administrator
does not want to be bothered by SSP violation messages from verifiers
determining if the list admin is trying something malicious.
Therefore, it should be RECOMMENDED that signers check the SSP of
the OP to see what is, or is not, allowed.
In short, it seems that signers need to take into
account the ORAD SSP before any signing takes
place to see if it's allowed. If not, then we really
have PHISHING and SPOOFING problems.
Currently, when you allow third party signatures you can be phished and
spoofed. But this is no different than being phished and spoofed by not
using DKIM at all.
It hurts DKIM's reputation as a system if entities can spoof messages
with valid DKIM signatures.
Even if we changed the spec to say that signers must
comply with the SSP wishes of the ORAD, this does not eliminate the attack
vector because phishers and spoofers can just not do that and sign anyway.
So, verifiers must be responsible for SSP, right?
Correct. A recommendation that signers check SSP should be mentioned
to avoid unnecessary SSP failures by verifiers.
--ewh
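As an added illustration of the split the thread settles on (the verifier must evaluate the originating domain's SSP because it cannot trust that a third-party signer checked it, while signers are merely recommended to check), here is example code that is not part of the thread or of any DKIM implementation. The policy modes, the `SSP_TABLE` lookup and the function names are constructed for the example and do not reproduce the SSP draft's actual record syntax.

```python
from typing import Iterable

# Constructed policy modes modelling the cases discussed in the thread:
# whether the ORAD (the From: domain) signs all of its mail, and whether a
# third-party signature is acceptable in place of a first-party one.
POLICY_UNKNOWN = "unknown"       # no SSP record published by the ORAD
POLICY_SOME = "some-signed"      # ORAD signs some mail; unsigned mail is normal
POLICY_ALL = "all-signed"        # ORAD signs all mail; third-party signatures accepted
POLICY_STRICT = "all-strict"     # ORAD signs all mail; only first-party signatures count

# Constructed sample SSP records keyed by ORAD (stands in for a DNS lookup).
SSP_TABLE = {
    "bank.example": POLICY_STRICT,
    "lists.example": POLICY_ALL,
    "blog.example": POLICY_SOME,
}


def lookup_ssp(orad: str) -> str:
    """Return the ORAD's published policy, or 'unknown' if it publishes none."""
    return SSP_TABLE.get(orad.lower(), POLICY_UNKNOWN)


def verifier_evaluate(orad: str, verified_signers: Iterable[str]) -> str:
    """Verifier-side SSP check: 'pass', 'fail' or 'neutral'.

    verified_signers are the d= domains whose signatures already verified
    cryptographically. The verifier never assumes a third-party signer
    consulted SSP first; it always evaluates the ORAD policy itself.
    """
    orad = orad.lower()
    signers = {d.lower() for d in verified_signers}
    policy = lookup_ssp(orad)
    if orad in signers:
        return "pass"                       # first-party signature satisfies any policy
    third_party = signers - {orad}
    if policy == POLICY_STRICT:
        return "fail"                       # third-party or unsigned violates strict policy
    if policy == POLICY_ALL:
        return "pass" if third_party else "fail"  # 3rd-party OK, unsigned is not
    return "neutral"                        # some-signed / unknown: nothing to conclude


def signer_may_sign(orad: str, signer_domain: str) -> bool:
    """The RECOMMENDED signer-side check: a third party (e.g. a list server)
    consults the ORAD's SSP before signing, so it does not emit a signature
    that verifiers will reject as an SSP violation anyway."""
    if signer_domain.lower() == orad.lower():
        return True                         # first-party signing is always allowed
    return lookup_ssp(orad) != POLICY_STRICT
```

The verifier logic is the authoritative one; the signer check only avoids producing signatures that the verifier would flag.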