Re: [ietf-822] WSJ/gmail/ML, was a permission to... (on-topic)

Russ Allbery <eagle@eyrie.org> Tue, 06 May 2014 22:10 UTC

Return-Path: <eagle@eyrie.org>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 715801A049F for <ietf-822@ietfa.amsl.com>; Tue, 6 May 2014 15:10:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.648
X-Spam-Level:
X-Spam-Status: No, score=-3.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FUZZY_AMBIEN=0.552, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aS8YAJLFvjXE for <ietf-822@ietfa.amsl.com>; Tue, 6 May 2014 15:10:54 -0700 (PDT)
Received: from smtp.stanford.edu (smtp2.Stanford.EDU [171.67.219.82]) by ietfa.amsl.com (Postfix) with ESMTP id E83D81A0469 for <ietf-822@ietf.org>; Tue, 6 May 2014 15:10:53 -0700 (PDT)
Received: from smtp.stanford.edu (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 3612034340C for <ietf-822@ietf.org>; Tue, 6 May 2014 15:10:50 -0700 (PDT)
Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.67.225.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.stanford.edu (Postfix) with ESMTPS id 1CE1134349A for <ietf-822@ietf.org>; Tue, 6 May 2014 15:10:49 -0700 (PDT)
Received: by windlord.stanford.edu (Postfix, from userid 1000) id F39DE2F4EA; Tue, 6 May 2014 15:10:48 -0700 (PDT)
From: Russ Allbery <eagle@eyrie.org>
To: ietf-822@ietf.org
In-Reply-To: <5368C157.5030806@tana.it> (Alessandro Vesely's message of "Tue, 06 May 2014 13:02:47 +0200")
Organization: The Eyrie
References: <20140418123721.3610.qmail@joyce.lan> <5365357D.2020101@tana.it> <53653C7A.3090304@pscs.co.uk> <53655C13.9070201@isdg.net> <5365F4F8.6020605@pscs.co.uk> <536629D7.7040809@meetinghouse.net> <6.2.5.6.2.20140505075814.0c9b0a68@resistor.net> <5367DB93.3050509@meetinghouse.net> <6.2.5.6.2.20140505124909.0cbcd6a8@resistor.net> <5368388F.6080201@meetinghouse.net> <87wqdzels9.fsf@windlord.stanford.edu> <5368C157.5030806@tana.it>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
Date: Tue, 06 May 2014 15:10:48 -0700
Message-ID: <87eh06wobb.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/baO7gCbqiwiyHLJ35lGtAS47GmQ
Subject: Re: [ietf-822] WSJ/gmail/ML, was a permission to... (on-topic)
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 22:10:55 -0000

Alessandro Vesely <vesely@tana.it> writes:

> I beg to differ.  To adjust the signature scheme so that it works in the
> face of resending is plan A.  The From: field is set by the author's MUA
> and checked by the MSA.[1] Leaving it unaltered is a privilege that
> resenders need to earn by enforcing MSA-equivalent checks.  WSJ article
> sending is an example where From: ought to be changed, while gmail and
> MLs can keep it unaltered.

Ah, yes, that scheme also works, as long as you can change the verifiers
to support this new scheme.  And would definitely be an improvement over
rewriting the From header.

> It is a technical challenge to define authentication correctly, but we
> should not modify the semantics in order to meet the constraints.

Wholeheartedly agreed.

-- 
Russ Allbery (eagle@eyrie.org)              <http://www.eyrie.org/~eagle/>