[Mailman-Developers] dkim-signature headers

Barry Warsaw barry at python.org
Wed Feb 7 23:41:40 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Feb 7, 2007, at 5:06 PM, Michael Thomas wrote:

>>> I'm not saying I think that resigning is a Bad Thing, I'm saying
>>> that it's speculative whether it's a Good Thing. You seem to keep
>>> ignoring the inherent attack involved with resigning:
>>>
>>> From: good at guy.org
>>> Sender: bad at fooledyou.com
>>> Dkim-Signature: d=fooledyou.com; [...]
>>
>> So wait, taken to its logical conclusion, doesn't this mean that  
>> really the only thing that DKIM cares about protecting is the  
>> sanctity of the From header?
> No, it doesn't. All it means is that you shouldn't blindly allow a
> third party to vouch for a first party (or any other party for that
> matter). This is just common sense: you need to have some trust in a
> third party before you trust what they have to say about another
> party, right?

Sure.  I guess my point was, that in your example above, what's being  
signed is the Sender header, and for that header, fooledyou.com /is/  
the first party.  So fooledyou.com is making no assertions about the  
From header.  Is there a requirement in DKIM that the Sender domain  
is the same as the From domain?

For a non-anonymized non-digest message, where Mailman isn't going to  
change the From header, it obviously cannot sign the From header.  It  
will set its own Sender header, and is able to sign that.  In that  
scenario there's no third party signing going on.  Maybe the  
confusion is in the term "resigning".  I'm not actually proposing  
Mailman (or its downstream MTA) resign anything; I'm proposing that  
we add another signature for the headers that Mailman does control.   
Like Sender.

If we leave the original DKIM-Signature header alone, but simply add  
ours to match our Sender header, then we'll have at least one valid  
DKIM-Signature header, right?  The one for the From header may indeed  
be broken.  Maybe Mailman broke it or maybe some other system  
component broke it.

Is that what you thought I meant?  Is the scenario I just outlined  
inherently unsafe?

So now in fact, this leads to a concrete proposal that is simple,  
MLM-friendly and requires no changes to existing standards: a mailing  
list BCP is to DKIM sign the List-Id header.  Your policy engine then  
can add weight for a message with a valid DKIM signature of the  
List-Id, even if other signatures, say by the original author, are broken.

I think for now I'll cut this response short, because I'd like to  
know what you think about that.

- -Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iQCVAwUBRcpVpHEjvBPtnXfVAQKEagP/WbWH5+rQuAofi5QrWgabibU8RRXZ8yqs
3nY1sZlYB616N6vuJoY4aqVN6Ud4AiXIS4gZPOsX5IEXiihK2XLYEL+JPtHMINHZ
al4aa/6sRxrizDGHDQH8db19umD0R9vYceBAoyjRwrE1b1XbBDh8+ALavXZ0Lum6
sD4/KOQC4+w=
=IUsC
-----END PGP SIGNATURE-----

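The two scenarios in the message above, worked through in code: the list leaves the author's DKIM-Signature untouched, adds Sender and List-Id, tags the Subject (which breaks the author's signature) and adds a second signature over only the headers it controls; a policy engine then scores each signature and adds weight only when a trusted list domain validly signed List-Id, so Michael's fooledyou.com case (a valid signature from an unknown third party under someone else's From) earns nothing. This is an added example, not Mailman's code, and it simplifies DKIM to run offline: the primitive is textbook RSA over a SHA-256 digest rather than the PKCS#1 v1.5 encoding DKIM mandates, keys are toy keys from the random module, public keys come from an in-process dict instead of DNS, and only the header hash is computed (no bh= tag). Header canonicalization follows DKIM relaxed mode. The domains, selectors and message headers are constructed for the example.

```python
"""Mailing-list signature over the headers the list controls (Sender, List-Id).

Added example, not Mailman's own code. Simplifications (all assumptions):
  * textbook RSA over a SHA-256 digest, not DKIM's PKCS#1 v1.5 encoding;
    keys come from `random` and are toy keys, not for real mail;
  * public keys are looked up in an in-process dict instead of DNS TXT;
  * only the header hash is computed (no body hash, no bh= tag).
"""
import base64
import hashlib
import random
import re


def _probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for a demo key."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_keypair(bits=1024):
    """Return ((e, n), (d, n)). Toy key generation."""
    e, half = 65537, bits // 2
    while True:
        p = q = 0
        while not _probable_prime(p):
            p = random.getrandbits(half) | (1 << (half - 1)) | 1
        while not _probable_prime(q) or q == p:
            q = random.getrandbits(half) | (1 << (half - 1)) | 1
        phi = (p - 1) * (q - 1)
        if phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def _canon(name, value):
    """DKIM 'relaxed' header canonicalization: lowercase name, collapse WSP."""
    return name.lower() + ":" + re.sub(r"\s+", " ", value).strip() + "\r\n"


def _tags(sig_value):
    return dict(t.strip().split("=", 1) for t in sig_value.split(";") if t.strip())


def _header_hash(headers, signed_names, sig_value_no_b):
    """Hash the h= headers (taken bottom-up, each consumed once) plus the
    DKIM-Signature header itself with an empty b= tag."""
    pool, data = list(headers), ""
    for name in signed_names:
        for i in range(len(pool) - 1, -1, -1):
            if pool[i][0].lower() == name.lower():
                data += _canon(*pool.pop(i))
                break  # an absent header contributes nothing
    data += _canon("DKIM-Signature", sig_value_no_b).rstrip("\r\n")
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")


def sign(headers, domain, selector, signed_names, priv):
    """Prepend a DKIM-Signature with d=domain over `signed_names`."""
    d, n = priv
    tags = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
            f"h={':'.join(signed_names)}; b=")
    sig = pow(_header_hash(headers, signed_names, tags), d, n)
    b = base64.b64encode(sig.to_bytes((n.bit_length() + 7) // 8, "big")).decode()
    return [("DKIM-Signature", tags + b)] + list(headers)


def verify(headers, sig_header, keys):
    """Verify one DKIM-Signature header against the message's other headers."""
    tags = _tags(sig_header[1])
    e, n = keys.get((tags["d"], tags["s"]), (None, None))
    if e is None:
        return False  # no key for that d=/s= pair: treat as unverifiable
    others = [h for h in headers if h is not sig_header]
    no_b = re.sub(r"b=[^;]*$", "b=", sig_header[1])
    expected = _header_hash(others, tags["h"].split(":"), no_b)
    return pow(int.from_bytes(base64.b64decode(tags["b"]), "big"), e, n) == expected


def mlm_process(message, list_domain, list_priv):
    """Barry's proposal: keep the author's signature, add the headers the list
    controls, and sign those (not From)."""
    out = [("List-Id", f"<dev.{list_domain}>"), ("Sender", f"dev-bounces@{list_domain}")]
    # Subject tagging is the usual MLM change that breaks the author's signature.
    out += [(k, "[dev] " + v if k == "Subject" else v) for k, v in message]
    return sign(out, list_domain, "list", ["Sender", "List-Id"], list_priv)


def evaluate(message, keys, trusted_lists):
    """Policy engine: verify every signature; add weight only when a trusted
    list domain validly signed List-Id. A valid signature from an unknown
    third party (fooledyou.com) adds nothing."""
    results, weight = {}, 0
    for hd in message:
        if hd[0].lower() != "dkim-signature":
            continue
        tags, ok = _tags(hd[1]), verify(message, hd, keys)
        results[tags["d"]] = ok
        if ok and tags["d"] in trusted_lists and "list-id" in tags["h"].lower().split(":"):
            weight += 1
    return results, weight


def demo():
    author_pub, author_priv = gen_keypair()
    list_pub, list_priv = gen_keypair()
    bad_pub, bad_priv = gen_keypair()
    keys = {("guy.org", "mail"): author_pub, ("lists.example.org", "list"): list_pub,
            ("fooledyou.com", "mail"): bad_pub}
    trusted = {"lists.example.org"}
    msg = sign([("From", "good@guy.org"), ("To", "dev@lists.example.org"),  # constructed
                ("Subject", "dkim-signature headers"), ("Date", "Wed, 7 Feb 2007 23:41:40 +0100")],
               "guy.org", "mail", ["From", "To", "Subject", "Date"], author_priv)
    forged = sign([("From", "good@guy.org"), ("Sender", "bad@fooledyou.com"),
                   ("List-Id", "<dev.fooledyou.com>")],
                  "fooledyou.com", "mail", ["Sender", "List-Id"], bad_priv)
    return {"direct": evaluate(msg, keys, trusted),
            "relayed": evaluate(mlm_process(msg, "lists.example.org", list_priv), keys, trusted),
            "spoof": evaluate(forged, keys, trusted)}


if __name__ == "__main__":
    print(demo())
```

Run it and the relayed copy shows guy.org's signature failing (the tagged Subject) while lists.example.org's signature over Sender and List-Id verifies and earns weight; the forged copy verifies too, but fooledyou.com is not a trusted list domain, so the engine gives it nothing, which is the trust decision Michael describes.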