Re: [yam] Russ Housley's Discuss on draft-ietf-yam-rfc4409bis-02: (with DISCUSS)

Dave CROCKER <dhc@dcrocker.net> Wed, 24 August 2011 14:51 UTC


On 8/24/2011 7:06 AM, Russ Housley wrote:
> SM:
>
> Thanks for facilitating this discussion.
>
> As Dave well knows, the presence of an invalid signature is different than no
> signature at all.
>
> The technical community keeps telling implementors that
> they are not really different, but folks that write code seem to think
> otherwise.  The proposed text does not say anything about the signature
> validity,


Russ,

As you well know, there are many, very different reasons a signature can be 
invalid.  As you also might know, the DKIM specification therefore declares the 
semantics of an invalid signature to be the same as having no signature present.

Within the formal 4 walls of DKIM, that means that the presence of an 
invalid signature is /not/ different than no signature at all.

The fact that various receivers might choose to distinguish between the two 
conditions is well and good, but it also is outside the four walls of formal DKIM.

Pragmatics often prompt going beyond a formal specification.  That does not make 
either the specification or the pragmatics "wrong".  Each has its own purpose 
and constraints.(*)


>  At a minimum, i[t] should say "...of a valid signature."

I assume you mean that you are requesting the proposed text to be revised to be:

   "Message modification can affect the validity of an existing message
    signature, such as by DKIM [DKIM], PGP [RFC4880], and can render the
    signature invalid.  This, in turn, can affect message handling by later
    receivers, such as filtering engines that consider the presence or absence
    of a [valid] signature."

Given your own view about the distinction, I'd have thought you would prefer the 
original wording.  While adding "valid" does change the meaning slightly, I 
don't see it as a problem.

d/


(*) Receivers choosing to make a distinction between an absent DKIM signature 
and a present, invalid one currently represents an intuition rather than a 
certainty.  That's a good basis for experimentation, but a very poor basis for 
language in a formal standards specification...

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
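The point under discussion, as an added illustration that is not part of the thread: a DKIM body hash (bh=) computed with RFC 6376 "relaxed" body canonicalization survives whitespace-only changes in transit but not a mailing-list footer, and a verifier following DKIM's stated semantics then treats the message exactly as if it were unsigned. The message body and footer are constructed for this example; no signing key is involved, only the body-hash portion of verification.

```python
import base64
import hashlib
import re

# Constructed sample body (not taken from the original post).
ORIGINAL_BODY = "Hello,\r\n\r\nPlease review the draft.  \r\n\r\n-- Alice\r\n\r\n\r\n"


def relaxed_body_canon(body: str) -> str:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split("\r\n")
    # Strip trailing WSP on each line; collapse internal WSP runs to one SP.
    lines = [re.sub(r"[ \t]+", " ", ln.rstrip(" \t")) for ln in lines]
    # Ignore all empty lines at the end of the body.
    while lines and lines[-1] == "":
        lines.pop()
    # Every remaining line, including the last, is terminated by CRLF.
    return "".join(ln + "\r\n" for ln in lines)


def body_hash(body: str) -> str:
    """The bh= value a signer places in DKIM-Signature (relaxed/sha256)."""
    digest = hashlib.sha256(relaxed_body_canon(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_body(signed_bh: str, body_now: str) -> str:
    """Body-hash check only: 'pass' if the body still matches bh=, else 'fail'."""
    return "pass" if body_hash(body_now) == signed_bh else "fail"


def formal_dkim_semantics(result: str) -> str:
    """DKIM's own rule, as the post states it: an invalid (or absent)
    signature carries the same meaning as no signature at all."""
    return "signed" if result == "pass" else "unsigned"


if __name__ == "__main__":
    bh = body_hash(ORIGINAL_BODY)
    # A relay that turns trailing spaces into a tab does not break the hash.
    retabbed = ORIGINAL_BODY.replace("  \r\n", "\t\r\n")
    print(verify_body(bh, retabbed))
    # A list footer appended after the signed body does break it.
    with_footer = ORIGINAL_BODY + "_______________\r\nyam mailing list\r\n"
    print(verify_body(bh, with_footer))
    print(formal_dkim_semantics(verify_body(bh, with_footer)))
```

Whether a receiver goes on to distinguish "fail" from "none" is, as the post says, a local policy choice outside what the specification defines.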