Title: Re: [ietf-dkim] Re: dkim service
I think that the realistic goal here is that it should be possible for a list to be configured to allow a message to survive.
 
I would expect the few lists where authenticity is a big deal (e.g. full disclosure) to do this.
 
It would also be useful to give some guidelines to mailing lists that are going to mangle messages on ways in which they can do this without causing grief.
 
The key point about a mailing list is that the user subscribes to it. So an email client that is aware of what it is doing can in theory make the right choice here.
 
Example
 
Alice:
    signs message
    sends to the Mangle Mailing List
Mangle:
    converts the HTML message into plaintext
    [optionally removes Alice's signature]
    adds the RFC ???? Mailing list headers
    adds a DKIM signature
Carol's, Doug's, etc. mail servers:
    look at the last signature to be applied first, see that it verifies
    note that the signature includes the mailing list headers
    note that Carol, Doug, etc. have subscribed to this list
    conclude that the message is likely authentic despite being out of compliance with SSP
 
Compared to what is being done today this is a cakewalk. This is a completely objective process with no need for AI-complete processing.
 
 
If Alice was doing Secure Letterhead then her logotype icon should NOT be displayed in this case (signature invalid).
 
But a logotype icon for the list could be displayed.
 


From: [EMAIL PROTECTED] on behalf of John Levine
Sent: Thu 13/10/2005 2:58 PM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: Re: [ietf-dkim] Re: dkim service

>3. If it decides that it should pass, the mailing list should LEAVE the
>existing signature (that part is not universally agreed on, of course,

Since the signature won't verify any more, I don't see the point.
There have been some proposals to standardize a header that a verifier
could add to say that it found a good signature, and the outgoing
signer could sign that, but I'm not sure that's any more useful in
practice.  How much list mail do you get where there's a question
about whether the nominal sender really sent a message?  Again, in my
experience it's rare enough that we are reduced to citing individual
spoofed messages.

>The mailing list may, of course, choose to re-sign the message even if
>it does not mangle it, which is all the more reason to leave the
>original (still-valid) signature there.

If the list happens to do little enough to the messages that the
signature still passes, that's fine.  I just want to make sure that
surviving lists is a non-goal, because it's a hopeless swamp.

R's,
John



_______________________________________________
ietf-dkim mailing list
http://dkim.org
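
The receiving-server steps from the Alice/Mangle/Carol example in the top reply, written out as an added example that is not part of the original thread. It assumes `List-Id` is the mailing list header in question, that `subscriptions` maps each subscribed list id to the domain expected to sign for it, and that `crypto_ok` stands in for a real DKIM verifier; the result labels are hypothetical.

```python
import re
from email import message_from_string

# Constructed message: Mangle's signature is topmost (applied last); Alice's
# original signature sits below it. Tag values are placeholders, not real crypto.
SAMPLE = (
    "DKIM-Signature: v=1; d=mangle.example; s=list;"
    " h=from:subject:list-id; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "List-Id: Mangle Mailing List <mangle.mangle.example>\n"
    "DKIM-Signature: v=1; d=alice.example; s=mail;"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: Alice <alice@alice.example>\n"
    "Subject: hello\n"
    "\n"
    "plaintext body as rewritten by the list\n"
)

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def assess(raw, subscriptions, crypto_ok):
    """Apply the thread's checks in order and return a hypothetical verdict label."""
    msg = message_from_string(raw)
    sigs = [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    if not sigs:
        return "unsigned"
    last = sigs[0]  # signatures are prepended, so the topmost was applied last
    if not crypto_ok(last):
        return "last-signature-invalid"
    signed = {h.strip().lower() for h in last.get("h", "").split(":")}
    if "list-id" not in signed:
        return "list-headers-not-signed"  # list header could have been forged
    m = re.search(r"<([^>]+)>", msg.get("List-Id") or "")
    list_id = m.group(1).lower() if m else ""
    if list_id not in subscriptions:
        return "not-subscribed"
    if subscriptions[list_id] != last.get("d", "").lower():
        return "signer-not-list"  # assumption: bind the list id to its signer
    # Author identity (e.g. a logotype) is only shown if Alice's signature survived.
    if any(crypto_ok(s) for s in sigs[1:]):
        return "accept-author-verified"
    return "accept-list-only"
```
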
