On 28/Apr/10 12:58, SM wrote: > At 11:27 27-04-10, Alessandro Vesely wrote: >>At any rate, all what I'm trying to say is that a few certified >>fields, e.g. "From:", "To:", and "Date:", are more useful than a >>broken signature, in most cases. > > Yes, they are. RFC 4871 describes what is being covered by the DKIM > Signature. For the sake of the discussion, I'll overlook that.
The term "integrity" only appears in the abstract. > It would be good to have these fields certified by limiting the DKIM > signature to cover them only. There are cases where we will still > end up with a broken signature though. Do you have specific examples? Could a "mellowed" canonicalization cope with them? > In a one to one exchange, let's presume that the message won't be reinjected. (but snooping is possible) > It's different > for an open mailing list as you any of the subscribers can reuse what > has been certified and add their own content. In simple terms, you > are providing a blind certificate by only (DKIM) signing those fields. Yes, I am, but with added constraints with respect to what they can do using no signature at all. The "Date" constraint may result in badly positioning those replayed messages. Wrong "To" fields make a message suspect. In addition, spammers don't seem to be seeking the increased likelihood of being opened that messages could get if their "From" values were familiar to the recipients. > We could use this blind certification for one to one exchanges. If > the recipient's account or any of the hops through which the message > transits is compromised, there will be abuse. That's already > happening by the way. Replay attacks? Spam is also happening. As an email user, I'm not overly worried about spoofed signatures: They are not legally binding, and I trust human recipients are able to distinguish fake messages in case they occur. I'm not easing spammers' job by signing mail, even though I'd use weaker signatures for increased resiliency. In facts, the backscatter I get is not signed. > I would caution anyone against using such a > certification for mailing lists as they will be providing a means for > anyone to affix their DKIM signature to new content. I am not > recommending "l=0". The reason I'm also reluctant to recommend it is because restrictive acceptance policies may discard such messages, as John mentioned. The same concern also applies to possible weaker canonicalizations: would receivers be tempted to rule them out? I think receivers should trust the signing policies that senders devise for the messages they send. It is true that by the 80%-20% criterion DKIM may work without l=0. However, it breaks mailing list traffic and MIME-conformant forwarding (compare that to SPF.) Do we aim at 100%? _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
