ietf-mailsig

Re: DKIM Verification Algorithm

2005-08-02 06:19:28


On Tue, 2 Aug 2005, Hector Santos wrote:

[2] Arvel suggested another policy called WEAK which satisfies a
signature optional but not allowing 3rd party signers.

What is the reasoning behind the need for such an option?

I see none since if signature is optional somebody who is trying to
pretend to be you need not resign the email - he can just go ahead
and use your existing email removing your signature from it (or compose
new email pretending to be you).

Of course, I can see the same thing happening with any relaxed policy.

I believe it (WEAK) offers a stronger policy than NEUTRAL which does allow
for a 3rd party signer and a lower trust.  At least with the WEAK, it
protects against 3rd party signing (if detected).

And I see no point to that given no requirements for signatures to be
present from the sender site.

            +------------------------------------------------------+
            |            Sender Signing Policy Result              |
+-----------+----------------------------------------------+-------|
| result    |  WEAK  | NEUTRAL | STRONG  | EXCLU  | NEVER  | NONE  |
| verify    |   OPT  | OPT/3PS | REQ/3PS |  REQ   |        |       |
+-----------+--------+---------+---------+--------+--------+-------|
| NONE      | accept | accept  | reject  | reject | reject | accept|
|-----------+--------+---------+---------+--------+--------+-------|
| PASS      | accept | accept  | accept  | accept | reject | warn  |
|-----------+--------+---------+---------+--------+--------+-------|
| PASS 3PS  | reject | warn    | accept  | reject | reject | warn  |
|-----------+--------+---------+---------+--------+--------+-------|
| FAIL      | warn   | warn    | warn <.-+> warn  | reject | warn  |
|-----------+--------+---------+-------+-+--------+--------+-------|
| FAIL 3PS  | reject | warn    | warn <|-+> reject| reject | warn  |
+--------------------------------------+---------------------------+
       |   ^
       these all should be reject -+   |
                |
      warn from this column are unclear to me

Not sure which you are referring to?

FAIL verify, EXCLUSIVE?
FAIL 3PS verify, EXCLUSIVE?

If policy is EXCLUSIVE then if it fails to verify the result is reject,
you have it as warn (you're welcome to also send a warning to sender that the signature failed but it does not change that signature MUST NOT be accepted).

If policy is STRONG and message's only signature is from origin and it fails to verify then the result should be exactly the same as above
- you have it as "warn".

If policy is STRONG and it has no signature from the origin then it
should also be rejected (you have that right).

If policy is STRONG and there are two signatures - one from the origin
that fails to verify and one 3rd party that verifies, then the
message should be accepted, but warning may optionally be sent.

If policy is STRONG and there are two signatures and both fail to verify
then the message SHOULD NOT be accepted (and warning can again be sent).

BTW - In general I had a hard time distinguishing in your matrix situations with two signatures (one direct and one 3rd party) and when in such situations only one of the signatures verifies.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
