Re: [ietf-822] one can re-sign without a permission to re-sign header
Ned Freed <ned.freed@mrochek.com> Sat, 26 April 2014 18:07 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CFE01A026D for <ietf-822@ietfa.amsl.com>; Sat, 26 Apr 2014 11:07:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.274
X-Spam-Level:
X-Spam-Status: No, score=-2.274 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjUtP2TCJerm for <ietf-822@ietfa.amsl.com>; Sat, 26 Apr 2014 11:07:24 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.159.242.17]) by ietfa.amsl.com (Postfix) with ESMTP id 7E7111A0647 for <ietf-822@ietf.org>; Sat, 26 Apr 2014 11:07:23 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P73LU2XN8W000WRN@mauve.mrochek.com> for ietf-822@ietf.org; Sat, 26 Apr 2014 11:02:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1398535334; bh=BMkMyioybYttXoB0aGbjiTDT/8Ox8Z/U0ay1X7dFPbA=; h=Cc:Date:From:Subject:In-reply-to:References:To; b=oqFEz/JWQlb6yyIrop5ZJa8s3mdyHX7Wm06zGguQYUs7M8A/yI+W8jTrA31owh4p8 DwOOR1X2p6Hn744rAzkZ9TGTYhsTm7q2dpFVFNStkq141UKmGP1YrAPZ5E31tCAD7z FUf22LX4nqvYrJ0ZtxsiNMf3O+iXR/C8ztoAbuoQ=
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET="iso-8859-1"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P714CWLY4W000052@mauve.mrochek.com>; Sat, 26 Apr 2014 11:02:11 -0700 (PDT)
Message-id: <01P73LU0RT9I000052@mauve.mrochek.com>
Date: Sat, 26 Apr 2014 10:56:36 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sat, 26 Apr 2014 19:32:05 +0200" <535BED95.6090304@tana.it>
References: <535646AA.2080400@pscs.co.uk> <20140422202403.42908.qmail@joyce.lan> <01P6Y9IJSOEG000052@mauve.mrochek.com> <535B8B07.6090307@tana.it> <01P73EQM1PKQ000052@mauve.mrochek.com> <535BED95.6090304@tana.it>
To: Alessandro Vesely <vesely@tana.it>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/-BSPNks36iZgD9q_vHEdxUE4iII
Cc: ietf-822@ietf.org, Ned Freed <ned.freed@mrochek.com>
Subject: Re: [ietf-822] one can re-sign without a permission to re-sign header
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Apr 2014 18:07:27 -0000
> On Sat 26/Apr/2014 16:24:24 +0200 Ned Freed wrote: > >>>>> I know people think I'm wrong, but I think it needs to be looked at a > >>>>> different way. As a recipient, I don't want 'proof' that this message > >>>>> came from Alessandro, I want 'proof' that it came from the > >>>>> ietf-822@ietf.org mailing list. > >>> > >>>> I think you're right. > >>> > >>> I concur as well. > > > >> Eh? I agree a /receiver/ can do a better job by considering mailing > >> list messages as an already filtered/moderated mail stream, rather > >> than a collection of independent messages. Talking domain-level > >> authentication, even the local part is irrelevant. As a /recipient/, > >> however, the list where a message came from, ietf-822, ietf-smtp, or > >> whatever, is a rather circumstantial attribute of a message. I > >> obviously care much more about who says what in which thread... > > > > You're conflating completely different things here. We're talking > > about assessing the validity of a message, not about the value of > > the content of different valid messages. > Yes, only human recipients can distinguish between those. > > And the fact is that essentially every mailing list I'm on - and > > I'm on a lot of them run by a lot of different organizations - is > > very good at blocking junk mail. As such, knowing that a message > > came from one of the lists I'm on - even if I don't recognize the > > person posting or the topic they're posting about - is more than > > enough to tell me that the message isn't garbage. > Fully agreed. My point is that all too often receiving MTAs don't > know what lists their users are on. That has various nefarious > consequences, but maybe the one we are now talking about is relevant > enough to make a change. All the proposed solutions require that the > originator's relay knows if the recipient of a message is a mailing list. Which is precisely the point of having a mechanism to whitelist the ones you are on. > >> SPF authentication covers most subscribers, but not those who have > >> their mail forwarded to different sites (unless the forwarders use > >> SRS). DKIM signatures survive forwarding. > > > > Sometimes they do, sometimes they don't. Depends on a lot of factors. > I've been using weak signatures (as on this message) for years now, > and my limited experience, based on DMARC reports after posting to one > of the few lists I'm on, seems to say they survive in many cases. > (Well, some lists strip DKIM-Signatures off.) I'd propose an even > weaker signature: h=From:To:Date; l=0. It should be unbreakable. I doubt it. > >> Neither method is useful for DMARC because the domain being > >> authenticated is that of the mailing list, which is aligned with > >> "To:" rather than "From:". > > > >> Is it possible to introduce "To:" as a _secondary identifier_ in the > >> DMARC mechanism? In that case a weak DKIM signature could be the > >> element which authorizes receivers to use the secondary identifier. > > > > Maybe, but I doubt very much this would be useful. Indeed, the > > reason we're in this mess is because DMARC attaches semantic > > restrictions to the From: field. Attaching more semantics to more > > header fields does not seem like a move in the right direction to > > me. > This trick cuts two ways. On the one hand, receivers who implement > the modified DMARC will recognize the strong (list) signature after > verifying the weak (author's domain) one. The list can also be > authenticated by SPF in this case. On the other hand, unmodified > receivers will just accept the weak signature if they don't have > restricting policies on signatures' strength. > > I'd much rather pursue Pete's approach. > I like it too, but I haven't fully grasped it. On the 16th he wrote: > If the originator's site is going to allow that, you could create a > mechanism where the originator's site gets some sort of > cryptographic data from the mailing list site and include that in > its signed message, such that when the eventual recipient gets the > message, it can verify that it came from a mailing list site that > the originator explicitly sent the mail to. > https://mailarchive.ietf.org/arch/msg/ietf/T823fjs5PWq2BjvOZ-FzZ5YMjSA > I assume the final message has a valid author's domain signature, > otherwise we need to modify DMARC. Or override it. > The only way I see is that the > MLM, after message modification, sends the message or its hash back to > the author's site to get it signed. That sounds too complicated, so I > must be missing something. Perhaps it's time for a more concrete proposal to be written down. Ned
- [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] A permission to re-sign header Hector Santos
- Re: [ietf-822] A permission to re-sign header Murray S. Kucherawy
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Murray S. Kucherawy
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Michael Richardson
- Re: [ietf-822] A permission to re-sign header Michael Richardson
- Re: [ietf-822] A permission to re-sign header Theodore Ts'o
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header Miles Fidelman
- Re: [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] one can re-sign without a permissi… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Ned Freed
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Paul Smith
- Re: [ietf-822] don't need a permission to re-sign… John Levine
- Re: [ietf-822] don't need a permission to re-sign… Ned Freed
- Re: [ietf-822] don't need a permission to re-sign… John R Levine
- Re: [ietf-822] don't need a permission to re-sign… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Pete Resnick
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- [ietf-822] We need a DKIM Policy Working Group Hector Santos
- Re: [ietf-822] We need a DKIM Policy Working Group S Moonesamy
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- Re: [ietf-822] one can re-sign without a permissi… Pete Resnick
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Paul Smith
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- [ietf-822] WSJ/gmail/ML, was a permission to... Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Rolf E. Sonneveld
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Dave Crocker
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Bart Schaefer
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] one can re-sign without a permissi… Brandon Long
- Re: [ietf-822] one can re-sign without a permissi… Murray S. Kucherawy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Scott Kitterman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] one can re-sign without a permissi… Murray S. Kucherawy
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs S Moonesamy
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs S Moonesamy
- Re: [ietf-822] Aptness of DKIM for MLs Hector Santos
- Re: [ietf-822] Aptness of DKIM for MLs Douglas Otis
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs Douglas Otis
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Douglas Otis
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis