Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-12 08:07:36
On Mon, 12 Oct 2009 04:01:27 -0700 (PDT) Michael Deutschmann
<michael(_at_)talamasca(_dot_)ocis(_dot_)net> wrote:
> On Sun, 11 Oct 2009, Scott Kitterman wrote:
>> Since mailing lists use their own envelope from, I guess I'm missing
>> something here. What would your envelope DKIM be signing and who would
>> sign it?
>
> Ok, assume someone using envelope DKIM (which is *not* the same as
> DKIM/ADSP) posts to the list. It arrives at the mailing-list server with
> an intact envelope signature.

How does this happen? Mail from is a property of the SMTP dialogue that is
only added to the message as return path by the receiver, so I don't
understand what there would be for the sender to sign?

> Now, if the mailing-list is not aware of Envelope-DKIM, it changes the MAIL
> FROM: and also mucks around a bit with the body.
>
> When an ultimate recipient receives the message, he will look for an
> Envelope-DKIM policy of the *mailing list's domain* (since that's what's in
> MAIL FROM:), and find none. That means that no signatures are required, so
> it will accept the mail. The broken signature is irrelevant, as to
> Envelope-DKIM it is now 3rd-party. (Notwithstanding that it is 1st-party
> to DKIM/ADSP.)
>
> If the mailing list is aware of Envelope-DKIM, it will take ownership of
> the message, purging the old Envelope-DKIM signature. It will then put a new
> signature in, using its own domain and private key.
>
> This is precisely analogous to the way SPF avoids mailing list FPs. Mailing
> lists "friendly forge" the identity DKIM/ADSP cares about, but not the one
> SPF and Envelope-DKIM track.
>
> The advantage of Envelope-DKIM is that it would also have DKIM/ADSP's
> resistance to forwarder FPs. The absence of both kinds of FP would allow
> the protocol to be spread faster than either SPF or DKIM/ADSP.

The problem with this scenario is that ADSP is tied to the body From domain
and so even if such a signature could be produced, it would fail an ADSP
check.
Scott K
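
The two identities discussed in this message, as an added example that is not part of either poster's text: a small Python model of a policy check keyed on MAIL FROM (the proposed Envelope-DKIM) next to one keyed on the header From domain (ADSP), run over a direct post and the two mailing-list cases. The policy tables, the `"all"` value, the `.example` domains and every function name are assumptions made for illustration; the thread defines no record format for Envelope-DKIM.

```python
from dataclasses import dataclass, replace
from email.utils import parseaddr
from typing import Optional

# Constructed stand-ins for DNS policy lookups (assumed, not from the thread).
ENVELOPE_POLICY = {"author.example": "all"}  # hypothetical Envelope-DKIM policy
ADSP_POLICY = {"author.example": "all"}      # models an ADSP "all mail is signed" policy

@dataclass(frozen=True)
class Message:
    mail_from: str              # SMTP envelope sender (MAIL FROM)
    header_from: str            # From: header, the identity ADSP is tied to
    sig_domain: Optional[str]   # signing domain of the signature on the message
    sig_valid: bool             # whether that signature still verifies

def domain(addr: str) -> str:
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def evaluate(msg: Message, identity: str, policies: dict) -> str:
    """Check the policy of the domain found in the chosen identity."""
    d = domain(getattr(msg, identity))
    if msg.sig_valid and msg.sig_domain == d:
        return "pass"            # valid first-party signature for this identity
    if policies.get(d) == "all":
        return "fail"            # domain says it signs everything; none usable
    return "none"                # no policy published: signature not required

def unaware_list(msg: Message, list_domain: str) -> Message:
    # List rewrites MAIL FROM and alters the body, breaking the signature.
    return replace(msg, mail_from=f"bounces@{list_domain}", sig_valid=False)

def aware_list(msg: Message, list_domain: str) -> Message:
    # List purges the old signature and re-signs with its own domain.
    return replace(msg, mail_from=f"bounces@{list_domain}",
                   sig_domain=list_domain, sig_valid=True)

def outcomes(msg: Message) -> tuple:
    """(result keyed on MAIL FROM, result keyed on header From)."""
    return (evaluate(msg, "mail_from", ENVELOPE_POLICY),
            evaluate(msg, "header_from", ADSP_POLICY))

# Constructed sample message.
ORIGINAL = Message("alice@author.example", "Alice <alice@author.example>",
                   "author.example", True)

if __name__ == "__main__":
    for name, m in [("direct", ORIGINAL),
                    ("unaware list", unaware_list(ORIGINAL, "list.example")),
                    ("aware list", aware_list(ORIGINAL, "list.example"))]:
        print(name, outcomes(m))
```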