IETF Logo Mail Archive

Re: mail signing history, was Call for Community Feedback: Retiring IETF FTP Service

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 18 November 2020 22:44 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3111E3A0E73 for <ietf@ietfa.amsl.com>; Wed, 18 Nov 2020 14:44:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lXEOZYMrPPnC for <ietf@ietfa.amsl.com>; Wed, 18 Nov 2020 14:44:55 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 435CD3A0E6D for <ietf@ietf.org>; Wed, 18 Nov 2020 14:44:53 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3CB2BBEE3; Wed, 18 Nov 2020 22:44:51 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YKcI-vcjQEj1; Wed, 18 Nov 2020 22:44:49 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 7EB4DBEDB; Wed, 18 Nov 2020 22:44:49 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1605739489; bh=OBP0l/NeP481JswI0ALBdXEbJh6KfMk0XbKlexQIeTI=; h=Subject:To:References:From:Date:In-Reply-To:From; b=urT9i5N4nJNJYD6eIRfjpI0Ga+oQN1Os3NtMqwQS3nWNrwTkEoLj9EDp5irlRp1hJ Gxo/epefHW0YaReKiZ/1/iQHN2y4hlZKgyLFcqjZni4+xpr5v/OUjr/YJy8IxjAvJ0 3EI5WgXlWyKgZ4VwpYcdbiufFagR/MRjy9mo2/FM=
Subject: Re: mail signing history, was Call for Community Feedback: Retiring IETF FTP Service
To: Michael Thomas <mike@mtcc.com>, ietf@ietf.org
References: <01RS5CFAY5S0005PTU@mauve.mrochek.com> <20201118211937.01A22278DC6F@ary.qy> <01RS5Q2L2D6Y005PTU@mauve.mrochek.com> <5239b5-3d2-4079-5f5d-f4a2e0c5552@taugh.com> <c9c6d83e-cf79-262e-ae0e-361050026912@mtcc.com> <e6c9a6b0-f412-76f0-24a4-d11512c1be36@cs.tcd.ie> <5b56c99c-d4ee-1275-5479-3aef9ab2ab11@mtcc.com> <abb3c271-7a9a-b3bc-1f4a-c68b2f55b35d@cs.tcd.ie> <20eacf90-c670-02b3-c1d9-4de0574f7a05@mtcc.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <68124f0a-23ef-80d5-6253-4c150e5048cb@cs.tcd.ie>
Date: Wed, 18 Nov 2020 22:44:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <20eacf90-c670-02b3-c1d9-4de0574f7a05@mtcc.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="dzuKg3H0vTjS7uE0vPtiif6eY28RAwwoN"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/c2RNA8cnLy-OyW1wjq1-yXCpCZ4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 22:45:03 -0000

Hiya,

On 18/11/2020 22:41, Michael Thomas wrote:
> It would be pretty disasterous regardless of a valid DKIM signature. 
> Most people have no clue that email *also* prevents deniability but  
> the damage would already be done because nobody's going believe that 
> somebody's long cheating email romance was just elaborately spoofed. 
> Same goes for providers if they screw up: an invalidated DKIM signature 
> is not going to protect them from lawsuits.

Maybe or maybe not. In the case of the DNC/Podesta it might
have had utility for someone wishing to claim forgery. I
don't really claim to know whether it'd be a useful legal
mechanism or not, so while I do think it might, that'd need
more checking for sure.

S.

v2.23.0 | Report a Bug | By Email