On 4/18/2025, Alessandro Vesely wrote:
On Wed 16/Apr/2025 21:04:27 +0200 Richard Clayton wrote:
[...]
DKIM2 does not "allow for hijacking" any more or less than is the case
for existing mail flows.
I'd hope for *less hijacking*.
As would I.
[...]
It is still possible to be malicious under these conditions, but they
are safe enough to ensure that the message is not distorted from the
intentions of the author, identified by the original From: field. Most
mailing lists operate within these conditions.
I am pretty sure that no-one disagrees that determining author's intent
is hard, sometimes even for humans.
To the opposite, a forwarder that changes, say, all the URLs —perhaps to
redirect through a security filter— needs to be absolutely trusted by
the receiver. Its changes don't satisfy the above rules.
This requires a trust anchor, and if I have a relationship with the
organization doing the modification outside of email, this trust becomes
easier -- perhaps even inferred in some cases where the recipient
domain and the ADMD performing ARC sealing are the same. Please also
consider that MUAs might one day also wish to validate these messages
for themselves.
The more that I ponder the need for this modification-algebra, the more
I wish that it wasn't required, and how we ended up here.
I'm just spitballing here, but:
Listserv and "security gateway" modifications, apart from URL defanging,
are just decorations to the messages. Adding [spam] or [list-x] to
subject lines is largely for visual correlation and sorting. Adding
headers and footers to message bodies like "unsub here" or "this
message was sent by an external sender" are visual reminders for some
sort of policy or process for the user to follow.
Perhaps these could be better provided by the MUA. Murray brings up
that "the IETF generally avoids giving user space advice," but I would
suggest that adding crypt-signed header records that are of specific
value to the MUAs might be a valid path to publish. This might provide
for a cleaner implementation for these decorations that promotes better
security and stability for the end users via their MUAs. Adding these
sorts of labels to messages does not stand in the way of other efforts
like DKIM2, and after some time, and if the MUAs pick up on them, might
provide for better security in the future.
--
SgtChains