On Tue, 6 Oct 2009, Scott Kitterman wrote:
On Tue, 6 Oct 2009 19:54:55 -0700 (PDT) Michael Deutschmann
<michael(_at_)talamasca(_dot_)ocis(_dot_)net> wrote:
...
But, the reason DKIM-ADSP suffers mailing list FPs is not because of any
deficiency in its cryptographic approach. It's only because it tries to
guard the header from (From:), rather than the envelope sender (MAIL
FROM:), that it has this problem. Meanwhile, its cryptographic approach
does well at avoiding traditional-forwarder FPs.
...
This is exactly backwards. Body From is preserved by mailing lists.
And that's the problem. The list doesn't preserve the signature, but
preserves a purported identity that requires the unbroken signature.
Mailing lists are "friendly forgery" of the header From:, and break under
DKIM/ADSP.
Traditional forwarders are "friendly forgery" of the envelope FROM:, and
break under SPF.
Neither would break under the hybrid protocol. It wouldn't care about
the friendly forgery of the mailing lists, and it would recognize most
traditional forwards as authentic because they are relayed verbatim.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com