ietf-mailsig

Re: SSP - 3rd party Signers - Definition/Usage

2005-07-28 18:52:22

On July 28, 2005 at 17:58, "Arvel Hathcock" wrote:

> Humm... interesting idea.  This would make it the responsibility of the
> signer to do the policy checking but it seems that this move wouldn't change
> verifier requirements.  The verifier can't assume that a "3rd party"
> signature which it finds in a message was placed there by a signer that
> played by the rules and did an SSP check first.  Since this is the case,
> might as well leave the responsibility on the verifier IMO.  In other words,
> since the verifier can't trust the signer and must do an SSP anyway why have
> the signer go to this trouble?  What do you think?

Because it is good behavior.  For example, a mailing list administrator
does not want to be bothered by SSP violation messages from verifiers
determining if list admin is trying something malicious.

Therefore, it should be RECOMMENDED that signers check the SSP of
the OP to see what is, or is not, allowed.

>> In short, it seems that signers need to take into
>> account the ORAD SSP before any signing takes
>> place to see if it's allowed.   If not, then we really
>> have PHISHING and SPOOFING problems.

> Currently, when you allow third party signatures you can be phished and
> spoofed.  But this is no different than being phished and spoofed by not
> using DKIM at all.

It hurts DKIM's reputation as a system if entities can spoof messages
with valid DKIM signatures.

> Even if we changed the spec to say that signers must
> comply with the SSP wishes of the ORAD, this does not eliminate the attack
> vector because phishers and spoofers can just not do that and sign anyway.
> So, verifiers must be responsible for SSP right?

Correct.  A recommendation that signers check SSP should be mentioned
to avoid unnecessary SSP failures by verifiers.

--ewh
