On Thu 23/May/2024 16:44:07 +0200 Wei Chuang wrote:
On Mon, May 20, 2024 at 7:17 PM Murray S. Kucherawy <[email protected]> wrote:
On Sun, May 19, 2024 at 9:27 AM Wei Chuang wrote:
[...]
One idea is to have the forwarder sign with an ARC Message-Signature and
would take ownership of the new message. The forwarder would describe
the offsets to recover the original body length and some receiver can
validate the original DKIM signature. Those offsets will also describe
the forwarder's contribution to the message. There would also be
problems around secure footer modification of Content-type header that
are unsolved e.g. what to do if Content-type is oversigned. All this
work might be good candidates for the newly chartered Mailmaint WG. >>
Before we make suggestions about ARC, I would strongly suggest someone try
that as a solution or mitigation to this problem. I would not like us to
publish something that shouts about this being a serious problem but then
presents untested solution(s). And frankly, I'd like to see ARC graduate
out of Experimental status if that's what we want to put forward as a
solution.
As to MAILMAINT as a venue, we'll have to see whether the community thinks
this is "big" or "small"; if the former, it should probably get its own WG.
Just specifically in regards authenticating mailing list modifications:
fair enough that the ideas should be implemented first before any sort of
IETF publication for it. Still there ought to be a place for informal,
early discussion of ideas on authenticating mailing lists. For this
proposal, I think there are issues around the intersection of DKIM signing
and Content-type, and in particular, there will be advice such as in the
researcher's blogpost
<https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/> that
calls for "h=" oversigning the Content-type header to help prevent the
delimitter modification as was done. While understandable, I suspect this
prevents adding a mailing list footer as a new MIME part and perhaps too
restrictive. Instead would it be reasonable to say there be sufficient
protection if the forwarder takes ownership of appended footers? If not,
another approach would be to version the Content-type header? Yet another
approach would be to resign the DKIM signature by the forwarder, but that
hides who the sender is causing UI and spam filtering problems.
I agree that signing Content-Type: is overkill.
Going back to my original point, would the ietf-dkim list be the right place
for this cross-cutting discussion? I think there are a few targeted
questions that need some discussion. (We're interested prototyping but
that's at least a quarter or so away)
I think mailmaint can be a good venue for airing these kind of proposals,
without committing the WG to an extensive discussion, that is without I-D
adoption. Or is it better ietf-dkim? Or ietf-smtp?
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
