[Mailman-Developers] dkim-signature headers
Barry Warsaw
barry at python.org
Wed Feb 7 23:41:40 CET 2007
On Feb 7, 2007, at 5:06 PM, Michael Thomas wrote:
>>> I'm not saying I think that resigning is a Bad Thing, I'm saying
>>> that it's speculative whether it's a Good Thing. You seem to keep
>>> ignoring the inherent attack involved with resigning:
>>>
>>> From: good at guy.org
>>> Sender: bad at fooledyou.com
>>> Dkim-Signature: d=fooledyou.com; [...]
>>
>> So wait, taken to its logical conclusion, doesn't this mean that
>> really the only thing that DKIM cares about protecting is the
>> sanctity of the From header?
> No, it doesn't. All it means is that you shouldn't blindly allow a
> third party to vouch for a first party (or any other party for that
> matter). This is just common sense: you need to have some trust in a
> third party before you trust what they have to say about another
> party, right?
Sure. I guess my point was that in your example above, what's being
signed is the Sender header, and for that header, fooledyou.com /is/
the first party. So fooledyou.com is making no assertions about the
From header. Is there a requirement in DKIM that the Sender domain
be the same as the From domain?
For a non-anonymized non-digest message, where Mailman isn't going to
change the From header, it obviously cannot sign the From header. It
will set its own Sender header, and is able to sign that. In that
scenario there's no third party signing going on. Maybe the
confusion is in the term "resigning". I'm not actually proposing
Mailman (or its downstream MTA) resign anything; I'm proposing that
we add another signature for the headers that Mailman does control.
Like Sender.
If we leave the original DKIM-Signature header alone, but simply add
ours to match our Sender header, then we'll have at least one valid
DKIM-Signature header, right? The one for the From header may indeed
be broken. Maybe Mailman broke it or maybe some other system
component broke it.
Is that what you thought I meant? Is the scenario I just outlined
inherently unsafe?
So now in fact, this leads to a concrete proposal that is simple,
MLM-friendly and requires no changes to existing standards: a mailing
list BCP is to DKIM sign the List-Id header. Your policy engine can
then add weight for a message with a valid DKIM signature of the
List-Id, even if other signatures, say by the original author, are broken.
I think for now I'll cut this response short, because I'd like to
know what you think about that.
-Barry
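The scenario discussed in this post, worked through as an added example that is not part of Barry's message nor of Mailman's own code: an author signs From and Subject, the list retags the Subject (breaking that signature), adds its own Sender and List-Id headers and signs only those, and a policy engine then gives credit only for what each valid signature actually covers. It also runs the quoted case where an unrelated domain signs nothing but its own Sender header. Everything here is constructed: the HMAC over a per-domain secret stands in for RSA-SHA256 with DNS-published keys, the header canonicalization is a simplified form of RFC 4871 "relaxed", and the domain `lists.example.org`, the `DOMAIN_KEYS` table and the `TRUSTED_LISTS` allowlist are hypothetical.

```python
"""Toy model of two independent DKIM signatures on one list message.

Assumption of this example: an HMAC keyed with a constructed per-domain secret
stands in for RSA-SHA256 with a DNS-published key. Not real DKIM.
"""
import hashlib
import hmac
import re

# Constructed key material standing in for each domain's published DKIM key.
DOMAIN_KEYS = {
    "guy.org": b"author-key-demo",
    "lists.example.org": b"list-key-demo",
    "fooledyou.com": b"third-party-key-demo",
}
# Hypothetical allowlist of list domains whose List-Id signature earns weight.
TRUSTED_LISTS = {"lists.example.org"}


def relaxed_header(name, value):
    """Simplified RFC 4871 'relaxed' canonicalization of one header."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)        # unfold
    value = re.sub(r"[ \t]+", " ", value).strip()     # collapse whitespace
    return f"{name.lower()}:{value}\r\n"


def canonical_body(body):
    """CRLF line endings, trailing empty lines removed, one final CRLF."""
    return body.replace("\r\n", "\n").rstrip("\n").replace("\n", "\r\n") + "\r\n"


def first(headers, name):
    """First value of the named header (case-insensitive), or ''."""
    return next((v for n, v in headers if n.lower() == name.lower()), "")


def _digest(headers, body, signed_names):
    """SHA-256 over the canonical body plus the signed headers, in h= order."""
    data = canonical_body(body).encode()
    for name in signed_names:
        data += relaxed_header(name, first(headers, name)).encode()
    return hashlib.sha256(data).digest()


def sign(headers, body, domain, signed_names):
    """Prepend a DKIM-Signature-style header covering signed_names for domain."""
    mac = hmac.new(DOMAIN_KEYS[domain], _digest(headers, body, signed_names),
                   "sha256").hexdigest()
    tag = f"d={domain}; h={':'.join(signed_names)}; b={mac}"
    return [("DKIM-Signature", tag)] + list(headers)


def verify_all(headers, body):
    """Check every signature; return [(domain, signed header names, valid)]."""
    results = []
    for name, value in headers:
        if name.lower() != "dkim-signature":
            continue
        tags = dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())
        domain, signed = tags["d"], tuple(tags["h"].split(":"))
        key = DOMAIN_KEYS.get(domain)  # stands in for the DNS key lookup
        ok = bool(key) and hmac.compare_digest(
            hmac.new(key, _digest(headers, body, signed), "sha256").hexdigest(),
            tags["b"])
        results.append((domain, signed, ok))
    return results


def policy(headers, body):
    """A signature vouches only for the headers it covers, for its own domain."""
    from_domain = first(headers, "From").rsplit("@", 1)[-1].strip("<> ")
    m = re.search(r"<[^.>]+\.([^>]+)>", first(headers, "List-Id"))
    list_domain = m.group(1) if m else ""
    verdict = {"from_verified": False, "list_verified": False}
    for domain, signed, ok in verify_all(headers, body):
        covered = {s.lower() for s in signed}
        if ok and domain == from_domain and "from" in covered:
            verdict["from_verified"] = True
        if ok and domain == list_domain and domain in TRUSTED_LISTS and "list-id" in covered:
            verdict["list_verified"] = True
    return verdict


def list_scenario():
    """Author signs From+Subject; the list retags Subject and signs Sender+List-Id."""
    body = "Hello list\n"
    msg = [("From", "good@guy.org"),
           ("To", "mailman-developers@lists.example.org"),
           ("Subject", "dkim-signature headers")]
    msg = sign(msg, body, "guy.org", ["From", "Subject"])
    before = policy(msg, body)  # author signature alone: From is verified
    msg = [(n, "[Mailman-Developers] " + v) if n == "Subject" else (n, v) for n, v in msg]
    msg += [("Sender", "mailman-developers-bounces@lists.example.org"),
            ("List-Id", "<mailman-developers.lists.example.org>")]
    msg = sign(msg, body, "lists.example.org", ["Sender", "List-Id"])
    return before, verify_all(msg, body), policy(msg, body)


def third_party_scenario():
    """The case quoted above: an unrelated domain signs only its own Sender."""
    body = "Hello\n"
    msg = [("From", "good@guy.org"), ("Sender", "bad@fooledyou.com")]
    msg = sign(msg, body, "fooledyou.com", ["Sender"])
    return verify_all(msg, body), policy(msg, body)


if __name__ == "__main__":
    print(list_scenario())
    print(third_party_scenario())
```

Running it shows the two points of the post side by side: after the list's Subject tag the author's signature fails but the list's own signature over Sender and List-Id still verifies, so the message keeps one valid signature; and in the quoted third-party case the signature over Sender is valid but, because its domain matches neither the From domain nor a trusted List-Id domain, the policy engine grants it no weight for the From header.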