Comments in-line at the risk of this getting overly long....

> -----Original Message-----
> From: [email protected] [mailto:ietf-dkim-
> [email protected]] On Behalf Of John R. Levine
> Sent: Monday, May 10, 2010 3:44 PM
> To: [email protected]
> Cc: DKIM List
> Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
> Discussion
> 
> > On 5/7/2010 10:07 AM, John R. Levine wrote:
> >> No, all it says is "we signed this mail."  A signer with a good reputation
> >> will presumably rarely sign mail where the From: address actively
> >> misidentifies the sender, but that's a second order effect.
> > "misidentifies" covers quite a lot.
> 
> I used it to mean that the From: address doesn't have a reasonable
> connection to any of the persons or entities that composed the message,
> for some reasonable definition of reasonable.
> 

That would be acceptable if you could avoid the use of the word
reasonable 3 times in a one sentence explanation of your intent.

> > If I send mail from bbiw.net (well, actually, sbh17.songbird.com is my
> > standard MSA) but label the From: field as being gmail.com, that's reasonable
> > to classify as "misidentifying" the From: address, since songbird has nothing
> > to do with gmail.
> 
> No, that's not misidentification.  It may be something else, but we need
> more precise terminology, preferably that avoids loaded terms like
> "forgery".
> 

We have been saying we need more precise terminology for years.....

> > Operator-based signing is typically meaning that the message was posted by an
> > authorized user.  There's absolutely no implication that the operator checked
> > or enforced the contents of the From: field.
> 
> That entirely depends on what you know about the signer.  Two of the
> largest signers, Google and Yahoo, mechanically check that the user
> receives mail at the From: address.  One of the smallest, me, knows his
> users well enough to be confident that they won't do hostile address
> fakery even though I don't enforce anything mechanically beyond adding
> trace headers.  I have other opinions about other signers.
> 

Opinions of signers? This takes us dangerously into reputation territory
<G>.

> I'm realizing that a basic problem we have with explaining DKIM is that it
> makes semantic rather than operational assertions about messages.  Since we
> are nerds, many of us deeply want to assign operational definitions, like
> "the people who know the passwords to the MTA that emitted this mail also
> know the passwords to the DNS server for the domain in the From: line",
> but they don't work, particularly for list mail in which the only
> operational definition of a good list is one where the recipients like
> what it sends.
> 

The me part of we has looked deep into myself and found no such feelings
hiding in any nook or cranny.

> So here's a scenario.  Let's say I run a political satire mailing list, to
> which members contribute wacky messages pretending to be from famous
> people like [email protected] or [email protected].  I use some technique
> not visible in the outgoing mail to ensure that the contributions are from
> list members (perhaps a password that's stripped out.)  Of course the list
> puts a shiny new DKIM signature on all its mail.  The list is triple
> opt-in with a cherry on top, and the subscribers await each list message
> all agog.  Filter that.
> 

Well, if one or more of your subscribers was at a domain that checks to
see if mail purporting to be from it actually came from one of its
servers AND that domain was one of the spoofed emails ..... why yesiree
Bob, it would get filtered... but not on the basis of DKIM. I just love
hypothetical scenarios.....

If a DKIM signed message from the Moon to Jupiter is transported using
DTN.......

Mike


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
