IETF Logo Mail Archive

Re: [ietf-822] WSJ/gmail/ML, was a permission to... (on-topic)

Alessandro Vesely <vesely@tana.it> Tue, 06 May 2014 11:02 UTC

Return-Path: <vesely@tana.it>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 614791A0774 for <ietf-822@ietfa.amsl.com>; Tue, 6 May 2014 04:02:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.521
X-Spam-Level:
X-Spam-Status: No, score=-2.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FUZZY_AMBIEN=0.552, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8YLEuaFtg5A7 for <ietf-822@ietfa.amsl.com>; Tue, 6 May 2014 04:02:53 -0700 (PDT)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id 3F96E1A02A8 for <ietf-822@ietf.org>; Tue, 6 May 2014 04:02:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1399374167; bh=CQYbi0yMhWrT/Q54MpsRgvtz0DxR6qeRpMIrKxl2UIg=; l=1736; h=Date:From:To:References:In-Reply-To; b=LbAr+zUQ+uX8yblnDG8HoxfzNaQi96EOg8FV97S75n/XhGgZEkA8vfPpb2EODddXj N2rGFCF5ipuD1Q/kefeYx5Erjl2v3cVEHr1GPGXAfhpvFcgRKy7/GlrXqowOAXZjpr SL7ZkkiPXL5a/3bpes0dyRfH8VelmXVRuLuaPVO0=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.88] (pcale.tana [172.25.197.88]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Tue, 06 May 2014 13:02:47 +0200 id 00000000005DC045.000000005368C157.00006940
Message-ID: <5368C157.5030806@tana.it>
Date: Tue, 06 May 2014 13:02:47 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.4.0
MIME-Version: 1.0
To: ietf-822@ietf.org
References: <20140418123721.3610.qmail@joyce.lan> <5365357D.2020101@tana.it> <53653C7A.3090304@pscs.co.uk> <53655C13.9070201@isdg.net> <5365F4F8.6020605@pscs.co.uk> <536629D7.7040809@meetinghouse.net> <6.2.5.6.2.20140505075814.0c9b0a68@resistor.net> <5367DB93.3050509@meetinghouse.net> <6.2.5.6.2.20140505124909.0cbcd6a8@resistor.net> <5368388F.6080201@meetinghouse.net> <87wqdzels9.fsf@windlord.stanford.edu>
In-Reply-To: <87wqdzels9.fsf@windlord.stanford.edu>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/rksRo1fA2qbkLfFuNHslqtPvFCk
Subject: Re: [ietf-822] WSJ/gmail/ML, was a permission to... (on-topic)
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 11:02:54 -0000

On Tue 06/May/2014 03:30:30 +0200 Russ Allbery wrote:
> Miles Fidelman <mfidelman@meetinghouse.net> writes:
> 
>> I haven't actually dug into the details of how Outlook does things,
>> but... does not RFC5322's series of resent- headers start to provide a
>> direction for standardizing mailing list use of header fields?
> 
> I think these are used in the opposite direction of what you'd need to
> satisfy the current constraints.  The entity doing the resending goes into
> the Resent-* headers, and From is left unaltered, whereas to satisfy this
> signature scheme you would need to do the opposite.

I beg to differ.  To adjust the signature scheme so that it works in
the face of resending is plan A.  The From: field is set by the
author's MUA and checked by the MSA.[1]  Leaving it unaltered is a
privilege that resenders need to earn by enforcing MSA-equivalent
checks.  WSJ article sending is an example where From: ought to be
changed, while gmail and MLs can keep it unaltered.

It is a technical challenge to define authentication correctly, but we
should not modify the semantics in order to meet the constraints.
This problem is not specific of DKIM signatures.  S/MIME and OpenPGP
present it too; for example, Thunderbird fails to verify S/MIME-
signed mailing list messages[2].

Whitelisting by (sub)domain name can be done according to how well
they carry out the checks they're responsible for.  Maintaining
whitelists without relying on authentication --plan B-- will likely
require more human knowledge and personal judgment than with a working
signature scheme in place.

Ale

[1] http://tools.ietf.org/html/rfc6409#section-3.2
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=885286#c4

v2.23.0 | Report a Bug | By Email