[Mailman-Developers] dkim-signature headers
Barry Warsaw
barry at python.org
Tue Feb 6 22:52:46 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Feb 5, 2007, at 10:56 AM, Michael Thomas wrote:
> This is all
> really fuzzy
> though: barring S/MIME there's no guarantees about "authorship" per
> se.
That's reasonable and I don't think it contradicts anything else
being said here. E.g. if I use OpenPGP signed mail because I want to
assert that the words you read are mine. If some intermediary (some
of which I know about and others I have no clue about) break my
signature, well then you can't verify that what you're reading are my
words as I typed them. That's exactly what should happen.
> Once
> it's in the hands of your MSA, it owns it. What DKIM tries to do is
> at least
> give some guarantees at the administrative/delegation points (ie, the
> domain)
> to other administrative/delegation points. It can only do this if the
> intermediate
> agents in the delivery path don't destroy the signature. If something
> destroys
> the signature, it's then taking responsibility for the downgrade in
> the
> assurance
> that the signature provided. Some receivers may accept that
> downgrade, some
> may weight it negatively, some may reject it out of hand. But
> ultimately
> it's
> the responsibility of the signature mangler to make that tradeoff.
This aligns with the way I see DKIM being useful in a mailing list
environment. The MLM mangles the message in ways appropriate to its
use patterns, and it takes responsibility for the message by signing
it with its own DKIM key. The fact that the From header still shows
the original author is orthogonal.
> And I really have no clue what "adjustment" you might be thinking of.
> Removing things that are signed so as to make the signature useless?
> Something people need to grok is that transformations of messages by
> mailing lists need to be viewed as no different than
> transformations made
> by an attacker. How does a piece of delivery machinery know whether
> transformations are benign or malicious? Not very well, as it turns
> out.
It's also no different than transformations that can happen to email
for any number of possible reasons. I'm old enough to remember when
UUCP delivery would do all kinds of transformations to emails. What
about other delivery mechanisms such as NNTP gating or archiving?
Maybe your imap server does something wacky to the messages. Those
transformations can be perfectly legitimate, as I claim a mailing
list's transformations are. You as the final recipient of this
message can only verify that the MLM has vouched for the message and
hope that whatever gateways between the MLM and you haven't broken
the signature.
> What we've been going on is that people sort understand From and
> that's
> about it. Machine learning may be more clever in time. For mailing
> lists
> to destroy the From signature is a problem -- compounded immensely by
> arbitrarily deleting them from whence nothing can recover the
> signature.
I go back to section 9.3 of the DKIM overview. If you could
implement the parsing of the DKIM headers and guarantee that any
transformations made by Mailman would not break the signature, then
Mailman could add its own signature and everything would be golden.
Mailman currently cannot make such a guarantee and cannot sign
outgoing message with its own DKIM signature, so ISTM that we're
doing the right thing by removing the existing DKIM header.
If you (or anyone else) would like to donate some code to allow
Mailman to do something more intelligent with the DKIM headers, for
example by allowing us to choose points 1 or 2 from section 9.3, such
a contribution would definitely be welcome.
> Spammers and bad guys can resign too. As I said, people grok From and
> that's about it. If adding a third party signature causes people to
> give
> more
> credence to the From address, then you've opened yourself up to
> malicious
> third parties. The draft specifically states that a third party
> signature needs to
> be an "acceptable" third party signature. That is, a third party you
> trust not
> to screw you. How you determine that trust is not specified, but it
> is still
> required.
The right thing then would be for Mailman to sign the Sender header.
Unfortunately, no MUA that I know of presents that information to a
user, but it could still be used by a DKIM verifier.
> I'm afraid that intransigence from the mailing list community is
> likely to
> really backfire. Mailing list traffic is an extremely small percentage
> of traffic,
> and most admins are likely to just ignore the collateral damage if
> it's too
> much a nuisance. Don't get me wrong: I spend far too much of my day on
> mailing lists and would really like things to work out. But hard line
> positions
> in the face of thorny engineering tradeoffs doesn't help.
Well, mailing lists and even email will probably die with us
dinosaurs anyway. All the kids are using IM, IRC, and VOIP instead.
But lets be honest, the DKIM specs themselves acknowledge that there
are, at the very least, still open questions w.r.t. mailing list use
cases. So, trying to explore what the right thing to do work better
than threats or hard-line positions.
- -Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRcj4rnEjvBPtnXfVAQKEogQAsz0wifOZ1ocEiGX8EoJVCAsDtta21+Cr
zTX3+oihGJgiGiOnYLW7s/SgPBT3/KZugjQ0WWss4TkVss/YjAy/02mGh3i8uTkH
OKlUpnIWWmhzLPjuexA1o2RS3IChjZODSJ80fJL99jfymaR3eoDA+a4BKQIpB8z/
Q9xvLNrJuZ0=
=9teO
-----END PGP SIGNATURE-----
More information about the Mailman-Developers
mailing list