It's also not clear to me that there is any reason for a verifier to
care about the strength of a signature.  If a signer wants to put weak
signatures on mail and take the risk that his reputation will be
sullied by heavily mutated messages, that's not the verifier's
problem.

Actually, it is, since it is the verifier's system that will let the
mail get delivered, or not, to an associated mailbox.  It is /their/
users who will be most directly affected.

Or, at least, I have assumed that is why folks are so concerned about
the increased ability to do a replay attack if the signature is 'weak'
(mostly meaning, doesn't cover the body.)

Since we have, as far as I can tell, never seen weak signatures, nor am I aware of any actual attacks that attempt to turn messages into spam while preserving the signature, at this point it's entirely hypothetical.

It feels like some people (not you I hope) are assuming that if a message has a valid signature, it's good and you deliver it, which is of course wrong. If the signature is valid *and* the signer has a good reputation, then a delivery agent might do something nice to the message. If it sees a lot of cruddy mail with my signature, I'm going to have a bad reputation, and it doesn't matter whether I'm signing spam, or I'm putting on weak signatures that third parties are turning into spam. Indeed, it's hard to see how a verifier could even tell the difference.

R's,
John

PS: If we're going to tell people what's a sufficiently strong signature, could we start by deciding whether it's sufficient to put one "from" in the h= tag?

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
