IETF Logo Mail Archive

Re: [ietf-822] A permission to re-sign header

"John Levine" <johnl@taugh.com> Fri, 18 April 2014 12:37 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA7291A01CF for <ietf-822@ietfa.amsl.com>; Fri, 18 Apr 2014 05:37:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.357
X-Spam-Level:
X-Spam-Status: No, score=-0.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOffRJcmfhBz for <ietf-822@ietfa.amsl.com>; Fri, 18 Apr 2014 05:37:48 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) by ietfa.amsl.com (Postfix) with ESMTP id ACACD1A01A8 for <ietf-822@ietf.org>; Fri, 18 Apr 2014 05:37:45 -0700 (PDT)
Received: (qmail 16630 invoked from network); 18 Apr 2014 12:37:41 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 18 Apr 2014 12:37:41 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=e1b.53511c97.k1404; i=johnl@user.iecc.com; bh=DeTBu6TGPEyv/1GKpVoaOMfIz0lDniV8iQrZHR6YGnQ=; b=iR7HfUyAuthC3mTemktr0x22Kz1arzN0p6WeTrD9rqY6aBaW4w6I+zzVMsAib8Znrh4AG6ohNmI/uJ5qgKCKksNWlim7v9GCP2UuTgIvEn70YmBxExBqrmFlkTBy8AKE53jtQGrLZ5SfrbzoDSvWK8XHyxI8rwYLjd9BsJNQOiSFd5htOowMhdFx/rh3k9ObD1LT6iOxm5u4q21bPQ0Z/aPYN6AEr50BeoAg6vPAIJ+qs6Mz5f+D9PUqdAHh52c+
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=e1b.53511c97.k1404; olt=johnl@user.iecc.com; bh=DeTBu6TGPEyv/1GKpVoaOMfIz0lDniV8iQrZHR6YGnQ=; b=C6NwkhTy0e0cS+LU6Ztm1rN5Rh2ABn8noT7f1/rQWGlxwV/snfvjIyP9xyMEV3zXfGepibEra2eYWCkEuStPO65Q1JPh3v4MM4vnpFlBAgOBAICZbTGFKjbXHcCN2ZCbikRKQ7bX/2+x6Xl0zJ4+kwpI2mbyiVNHlOpxpYVRlEuLGBBsz2hrQkPHbCGhvwHExeqCO4rVPuTMvaJp01EP5ISC1/3uu6LElRyBHggx8P+dRhmZ/7aUrHaZpeW0y9Oq
Date: Fri, 18 Apr 2014 12:37:21 -0000
Message-ID: <20140418123721.3610.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: ietf-822@ietf.org
In-Reply-To: <535117C5.9040403@tana.it>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/tGMyCML6S5iYwT372qfGvmyElqo
Cc: vesely@tana.it
Subject: Re: [ietf-822] A permission to re-sign header
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 12:37:52 -0000

>Even with the local part (marissam) an M-R is not really hard to
>forge, otherwise DKIM-Signature wouldn't have had to include all the
>other tags.  If we worry about replay attacks, we can enhance M-R so
>that it includes them too.  For example, we could make M-R exactly
>like a regular DKIM-Signature, except that it would be a very very
>weak one, something that the MLM won't break.

BTDT.  If we could invent a weak signature that the MLM won't break,
we wouldn't have this problem.  The M-R token is signed so it should
be impossible to forge, and we don't expect anyone to change it in
transit.

I also note that this hack, with or without Ale's changes, does
nothing to solve the send from gmail and WSJ article problems.

R's,
John

v2.23.0 | Report a Bug | By Email