Re: [ietf-822] one can re-sign without a permission to re-sign header
Pete Resnick <presnick@qti.qualcomm.com> Wed, 30 April 2014 15:55 UTC
Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A418E1A092B for <ietf-822@ietfa.amsl.com>; Wed, 30 Apr 2014 08:55:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.952
X-Spam-Level:
X-Spam-Status: No, score=-4.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPa1jOa6HLfd for <ietf-822@ietfa.amsl.com>; Wed, 30 Apr 2014 08:55:09 -0700 (PDT)
Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) by ietfa.amsl.com (Postfix) with ESMTP id B00DC1A08DD for <ietf-822@ietf.org>; Wed, 30 Apr 2014 08:55:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1398873308; x=1430409308; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=k+pF/BCqdlGT7Vcex1XTWHImhmftTuDL53V7EVBv0rE=; b=t1JltqY8V8aFZJ9XKWMvTIw/SKZuQUy+FLrsCayLvhN4j3ugpM7GVxCV mOeCmYlAI7pRGXjgG6vaGvzuRc1U+LyIrKabhdeixGGyEGRpK2XfKgmZw CUtGT58NfLpo/g5AfLvFVv2/5i0iinB4JQm0Y2fz3mCQRViTRb/i3phsJ s=;
X-IronPort-AV: E=McAfee;i="5600,1067,7423"; a="32254299"
Received: from ironmsg01-lv.qualcomm.com ([10.47.202.180]) by wolverine01.qualcomm.com with ESMTP; 30 Apr 2014 08:55:08 -0700
X-IronPort-AV: E=Sophos;i="4.97,959,1389772800"; d="scan'208";a="30161502"
Received: from nasanexhc16.na.qualcomm.com ([10.45.158.213]) by ironmsg01-lv.qualcomm.com with ESMTP/TLS/RC4-SHA; 30 Apr 2014 08:54:57 -0700
Received: from nasanexhc05.na.qualcomm.com (172.30.48.2) by nasanexhc16.na.qualcomm.com (10.45.158.213) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 30 Apr 2014 08:54:57 -0700
Received: from presnick-mac.local (172.30.48.1) by qcmail1.qualcomm.com (172.30.48.2) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 30 Apr 2014 08:54:56 -0700
Message-ID: <53611CCE.3010302@qti.qualcomm.com>
Date: Wed, 30 Apr 2014 08:54:54 -0700
From: Pete Resnick <presnick@qti.qualcomm.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.1.9) Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: Ned Freed <ned.freed@mrochek.com>
References: <535646AA.2080400@pscs.co.uk> <20140422202403.42908.qmail@joyce.lan> <01P6Y9IJSOEG000052@mauve.mrochek.com> <535B8B07.6090307@tana.it> <01P73EQM1PKQ000052@mauve.mrochek.com> <535BED95.6090304@tana.it> <01P73LU0RT9I000052@mauve.mrochek.com>
In-Reply-To: <01P73LU0RT9I000052@mauve.mrochek.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [172.30.48.1]
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/EGjyz173nFHINsEzcNEZ3ppMMBg
Cc: ietf-822@ietf.org, Alessandro Vesely <vesely@tana.it>
Subject: Re: [ietf-822] one can re-sign without a permission to re-sign header
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 15:55:19 -0000
On 4/26/14 10:56 AM, Ned Freed wrote: >>> I'd much rather pursue Pete's approach. >>> >> I like it too, but I haven't fully grasped it. On the 16th he wrote: >> >> If the originator's site is going to allow that, you could create a >> mechanism where the originator's site gets some sort of >> cryptographic data from the mailing list site and include that in >> its signed message, such that when the eventual recipient gets the >> message, it can verify that it came from a mailing list site that >> the originator explicitly sent the mail to. >> https://mailarchive.ietf.org/arch/msg/ietf/T823fjs5PWq2BjvOZ-FzZ5YMjSA >> >> I assume the final message has a valid author's domain signature, >> otherwise we need to modify DMARC. >> > Or override it. > > >> The only way I see is that the >> MLM, after message modification, sends the message or its hash back to >> the author's site to get it signed. That sounds too complicated, so I >> must be missing something. >> As I said to someone earlier, I take it that the author's site is allowing the author to have the mailing list resend a modified version of their message, whatever the modifications might be. So all that the mailing list needs is a short-lived token (probably signing the Date: and From: fields, maybe encrypted with the *mailing list site's* key), resigned by the mailing list site along with whatever the mailing list sees fit to sign, such that the eventual recipient can see that the message (a) came via the mailing list from the mailing list's site and (b) the mailing list got the message (some short time ago) from the author's site. That shouldn't require the mailing list to communicate with the author's site, but it might require the author's site to get something from the mailing list's site. > Perhaps it's time for a more concrete proposal to be written down. > Ah, for a world with more time just to read these messages, let alone write down a proposal. If there are others who have a handle on what I'm thinking about and want to work on this, I'm happy to spin up a WG to work this out. There's no way I'm going to be able to hold the pen on this, but I think I hear sufficient motivation to get this done. pr -- Pete Resnick<http://www.qualcomm.com/~presnick/> Qualcomm Technologies, Inc. - +1 (858)651-4478
- [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] A permission to re-sign header Hector Santos
- Re: [ietf-822] A permission to re-sign header Murray S. Kucherawy
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Murray S. Kucherawy
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Michael Richardson
- Re: [ietf-822] A permission to re-sign header Michael Richardson
- Re: [ietf-822] A permission to re-sign header Theodore Ts'o
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header Miles Fidelman
- Re: [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] one can re-sign without a permissi… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Ned Freed
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Paul Smith
- Re: [ietf-822] don't need a permission to re-sign… John Levine
- Re: [ietf-822] don't need a permission to re-sign… Ned Freed
- Re: [ietf-822] don't need a permission to re-sign… John R Levine
- Re: [ietf-822] don't need a permission to re-sign… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Pete Resnick
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- [ietf-822] We need a DKIM Policy Working Group Hector Santos
- Re: [ietf-822] We need a DKIM Policy Working Group S Moonesamy
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- Re: [ietf-822] one can re-sign without a permissi… Pete Resnick
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Paul Smith
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- [ietf-822] WSJ/gmail/ML, was a permission to... Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Rolf E. Sonneveld
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Dave Crocker
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Bart Schaefer
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] one can re-sign without a permissi… Brandon Long
- Re: [ietf-822] one can re-sign without a permissi… Murray S. Kucherawy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Scott Kitterman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] one can re-sign without a permissi… Murray S. Kucherawy
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs S Moonesamy
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs S Moonesamy
- Re: [ietf-822] Aptness of DKIM for MLs Hector Santos
- Re: [ietf-822] Aptness of DKIM for MLs Douglas Otis
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs Douglas Otis
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Douglas Otis
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis