Re: [ietf-822] one can re-sign without a permission to re-sign header

"John Levine" <johnl@taugh.com> Tue, 06 May 2014 02:02 UTC

DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=e802.536842ad.k1405; i=johnl@user.iecc.com; bh=+kIcjwGLd0S2fFgVdaPSb90M0kp0w9FHO6cG45OnY/c=; b=T0xG/xJC/rF32mRthPecwLHN4DKDbWms+3HR7XSXJn2Lh73WR4KYGGaiNuK1MdWYGOxrNL8AOBmSi++Heb5YRUjf1fHzuW6mxXWhyfb7/aLHvDXisZ/4cnT4CPE2r/DodUTPcvKzW7e4q51yZo+f6kFedgGXqmrBGYI1aYzOdRsMb0Hu+I+p/ZSkchjNfHta9duXItucQ7+QQMj/FsvlGS3WZzl1p9ee8GjfEoULcwMXtba+FNA5E3vjBQ7DudEj
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=e802.536842ad.k1405; olt=johnl@user.iecc.com; bh=+kIcjwGLd0S2fFgVdaPSb90M0kp0w9FHO6cG45OnY/c=; b=O31KvsuIRUFQ6PsmJsXNtEDZ6qYo7782FCmdgmUeEog2f9zDBQz4Ism5UAwHZnudcfVwwx8jbmLdln7SE4Ph63aKKlfoP8Z4a1IWU0myx1JrPf1ufFtn9fwszOnxwIwf50F7r3mXVdmOC365iBbRHs1dFXB0clugTuysvohHGDKerfggTucHczzAduoGvZbP97n1LJju5TwqH03Gk/MMMLB4ikOJZ3m7SBLzCuWweosI9OoKcTJWuKjVgS/2ljuU
Date: Tue, 06 May 2014 02:01:59 -0000
Message-ID: <20140506020159.59393.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: ietf-822@ietf.org
In-Reply-To: <536750E7.3030009@pscs.co.uk>
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/CO5MldymYuAjAQzaJwWzTnhd-Lw
Cc: paul@pscs.co.uk
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>

>That would provide some replay protection, especially if the forwarder 
>checks for duplicate message-ids (the recipient could also check for 
>dupes). Without it, I could see one of your messages on a list, then 
>send messages to everyone on the list, pretending to be you.

You could, but now we're back to whether we believe that list managers
act to keep crud out of their lists.  In general, I observe that they
do, so I don't see any point to adding features that assume that
managers will just sit there and allow subscribers to abuse their
lists.

Anecdote: I am on one non-technical list where there is an extremely
obnoxious person who chronically poisons the dialog, yet the list
managers are unwilling to eject.  (My guess is that he is a large
donor to the organization.)  I have dealt with him by bozo filtering
his mail in procmail, but other people keep writing to me and asking
isn't there list software that will let subscribers decide which other
subscribers' mail to get, i.e. do the bozo filtering in the list
software.  As far as I can tell, no, because this is not a problem
that many lists have.

R's,
John