On 1/29/25 8:45 PM, Jim Fenton wrote:
On 29 Jan 2025, at 19:30, Michael Thomas wrote:
On 1/29/25 6:20 PM, Murray S. Kucherawy wrote:
My own motivation is the former, not the latter. That is, yes I would like to recover
the author domain signature if we can come up with a relatively robust way to do that
without creating a security hole; no, my motivation has nothing to do with enabling
uptake of "p=reject", though that might be a side effect that I think others
would find beneficial.
It still creates a security hole. But maybe a more tractable one; we shouldn't
cop attitude that it doesn't. There are tradeoffs to both approaches. Security
is a risk/reward thing, after all.
I’m a little unclear on the need to fully describe the “mutation” that might be
applied by an intermediary. Even if fully described, you need to have some
trust of the intermediary to accept the mutation, because otherwise you don’t
know that the mutation doesn’t contain harmful/unwanted content (barring some
magic AI thing perhaps).
Yeah, that's what I'm trying to understand. If you can recover the
original signature, you could conceivably run spam filters separately on
the different parts using the reputation (if any) of the different
parts, I suppose. But how big of a deal is that in the real world?
If you do have trust of the intermediary to only sign messages where they have
verified the DKIM signature of the message received by the intermediary,
shouldn’t the intermediary’s signature on the modified message be
sufficient? I thought this was effectively what ARC is doing, although I have
quibbles about how ARC does it.
There seems to be a misconception that a mailing list can't re-sign a
message. Or at least it seems there is. ARC seems to go through a lot of
hoops to associate an arbitrary number of signatures with an arbitrary
number of A-R headers, but how common is that in real life? And how
important is it to actually establish this chain of custody? This new
backscatter item seems to want that, but I get the impression that's a
new problem, not something ARC set out to solve.
But yes, I agree about the trust part. If the mailing list has a
reputation it really doesn't matter what its A-R was for the original
signature. It is just an artifact of its filtering process which may be
interesting from a forensic standpoint, but I have doubts about its
operational utility.
Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
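A small model of the exchange debated in this thread, added here as an illustration and not code from any of the participants: an HMAC stands in for the real DKIM signature (a constructed simplification; real DKIM uses RSA or Ed25519 over canonicalized headers and body), the list re-signs only after the author signature verified, and recovering the author signature works only if the list's description of its mutation is trusted. Key values, subject tag and footer are constructed sample values.

```python
import hmac
import hashlib

# Constructed sample keys; an HMAC stands in for the DKIM signature.
AUTHOR_KEY = b"author-domain-key"
LIST_KEY = b"list-domain-key"
LIST_TAG = "[ietf-dkim] "
LIST_FOOTER = "\n--\nlist footer"

def canon(subject: str, body: str) -> bytes:
    """Relaxed-style canonicalization: collapse subject whitespace, strip trailing
    whitespace per body line and trailing empty lines."""
    s = " ".join(subject.split())
    b = "\n".join(line.rstrip() for line in body.rstrip("\n").split("\n"))
    return (s + "\n" + b).encode()

def sign(key: bytes, subject: str, body: str) -> str:
    return hmac.new(key, canon(subject, body), hashlib.sha256).hexdigest()

def verify(key: bytes, subject: str, body: str, sig: str) -> bool:
    return hmac.compare_digest(sign(key, subject, body), sig)

def list_forward(subject: str, body: str, author_sig: str):
    """Intermediary policy: re-sign only when the incoming author signature
    verified; the list also describes the mutation it applied."""
    if not verify(AUTHOR_KEY, subject, body, author_sig):
        return None  # bad or broken author signature: do not lend list reputation
    new_subject, new_body = LIST_TAG + subject, body + LIST_FOOTER
    return {
        "subject": new_subject,
        "body": new_body,
        "author_sig": author_sig,
        "list_sig": sign(LIST_KEY, new_subject, new_body),
        "mutation": {"tag": LIST_TAG, "footer": LIST_FOOTER},
    }

def recover_author_sig(msg: dict) -> bool:
    """Undo the described mutation and re-check the author signature.
    This is only as trustworthy as the description: if the intermediary
    changed anything beyond what it declared, verification fails, and an
    intermediary that lies about the mutation can only be caught by trusting
    it less, not by the signature."""
    tag, footer = msg["mutation"]["tag"], msg["mutation"]["footer"]
    subj = msg["subject"]
    body = msg["body"]
    if subj.startswith(tag):
        subj = subj[len(tag):]
    if body.endswith(footer):
        body = body[: -len(footer)]
    return verify(AUTHOR_KEY, subj, body, msg["author_sig"])
```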