Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols

2013-10-25 17:05:15
On 10/25/2013 5:49 PM, Ned Freed wrote:
>> Given that you can only trust the last Received header, I'm not clear what
>> is accomplished.
>
> False. You can trust the Received: chain back to the point where it reaches an
> IP you don't trust to insert Received: fields reliably. Depending on the
> circumstances that number can be anywhere from 0 to as many Received: fields as
> there are in the message.

By the way, there might be an opportunity to improve accountability implied by this discussion exchange:

     signing the audit trail.

DKIM doesn't validate any content other than its own d= value, of course.

However, one might define a value-added snap-on tool that declared content signed with the domain name asserting the snap-on tool to be valid.

So if it signed a Received sequence, including the snap-on tool/field, it would be declaring that Received sequence valid. (Small issue of having the signature indicate exactly which Receiveds it is referencing, since it needs to exclude the one it cannot assert trust over.)

This won't mean that the signed Receiveds are automatically known to be valid, but it means you know who to contact about them, to the extent you can contact whoever the owner of the validity-asserting signer is...

That is, I'm trying to take the implicit trust that is built into the model Ned just referenced and find a way to extend it with some extra mechanism.


Dave Crocker
Brandenburg InternetWorking
ietf-smtp mailing list
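The mechanism Dave sketches above, a signature that covers a specific subset of the Received: fields and leaves out the ones added by hops the signer cannot vouch for, can be shown concretely. The following is an added example, not code from the thread or from any IETF specification. It assumes a hypothetical X-Received-Signature header whose n= tag counts covered Received: fields from the bottom (oldest) of the header block, so that later hops can prepend their own fields without invalidating the signature; the sample message, hostnames and addresses are constructed, and an HMAC with a shared key stands in for the signing domain's real public-key signature.

```python
import hmac
import hashlib
from email import message_from_string

# Constructed sample: the message as it looks at the signing MTA (example.org)
# after two hops have each prepended a Received: field. All names are made up.
MESSAGE_AT_SIGNER = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.20])
\tby mx1.example.org with ESMTPS; Fri, 25 Oct 2013 16:59:00 +0000
Received: from client.example.net (client.example.net [192.0.2.10])
\tby mx2.example.org with ESMTP; Fri, 25 Oct 2013 16:58:00 +0000
From: alice@example.org
To: bob@example.com
Subject: test

body
"""

SIGNATURE_FIELD = "X-Received-Signature"  # hypothetical header name


def canonicalize(value):
    # Relaxed-style canonicalization: collapse all whitespace, including the
    # folding in multi-line Received: fields, so reformatting in transit does
    # not break the signature.
    return " ".join(value.split())


def received_chain(msg):
    # Received: fields in header order: index 0 is the most recently added
    # (topmost), the last element is the oldest.
    return msg.get_all("Received", [])


def signing_input(received, count, domain):
    # Bind the domain and the count into the signed data so neither tag can be
    # altered independently of the signature.
    covered = received[-count:]
    payload = "\n".join(canonicalize(r) for r in covered)
    return f"d={domain}\nn={count}\n{payload}".encode()


def sign_received_chain(msg, key, domain):
    # Sign every Received: field present at signing time, counted from the
    # bottom. The field the next hop will prepend is necessarily excluded.
    received = received_chain(msg)
    count = len(received)
    if count == 0:
        return 0
    tag = hmac.new(key, signing_input(received, count, domain), hashlib.sha256).hexdigest()
    msg[SIGNATURE_FIELD] = f"d={domain}; n={count}; b={tag}"
    return count


def parse_tags(value):
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def verify_received_chain(msg, key):
    # Returns (domain, covered Received: values) on success, None otherwise.
    sig = msg.get(SIGNATURE_FIELD)
    if sig is None:
        return None
    tags = parse_tags(sig)
    try:
        domain, count = tags["d"], int(tags["n"])
    except (KeyError, ValueError):
        return None
    received = received_chain(msg)
    if count < 1 or count > len(received):
        return None  # claims more fields than exist: treat as invalid
    expected = hmac.new(key, signing_input(received, count, domain), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tags.get("b", "")):
        return None
    return domain, received[-count:]


def demo():
    key = b"constructed-demo-key"  # stand-in for example.org's signing key
    msg = message_from_string(MESSAGE_AT_SIGNER)
    sign_received_chain(msg, key, "example.org")
    # The receiving MX (example.com) prepends its own Received: field, which
    # the signer could not have covered; verification must still succeed and
    # must report only the two older fields as covered.
    wire = ("Received: from mx1.example.org (mx1.example.org [192.0.2.30])\n"
            "\tby mx.example.com with ESMTPS; Fri, 25 Oct 2013 17:05:00 +0000\n"
            + msg.as_string())
    good = verify_received_chain(message_from_string(wire), key)
    # Altering a covered field (the oldest hop) invalidates the signature.
    tampered = wire.replace("client.example.net", "evil.example.net")
    bad = verify_received_chain(message_from_string(tampered), key)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("covered by", good[0] if good else None, ":", [canonicalize(r) for r in good[1]] if good else [])
    print("tampered verifies:", bad is not None)
```

Counting from the bottom is the design choice that makes the "which Receiveds" question tractable: the verifier does not need to know how many hops came after the signer, only how many fields were below the signature when it was made. A successful verification still says nothing about whether those hops told the truth; as the message says, it only tells you which domain is accountable for having vouched for them.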