[Ietf-dkim] Successful reversal, but what about...

Tue, 04 Feb 2025 12:33:52 -0800 

Folks,
This is meant as a technical thread and it has /nothing/ to do with the chartering discussion. 


But a stray thought occurred to me and has been bugging me.  So I'm 
looking for some other folk to consider it and elaborate upon it.  
Finding substantive points that serve to refute the concern is entirely 
fine.


So...


Premise:  We have a capability for 'preserving' a DKIM signature, by 
being able to reverse out changes made by mailing lists, and the like.  
So a final receiver's filtering engine can validate the author's 
originating DKIM signature.



The nature of reversing means taking away changes made along the 
extended path.  It means that there are portions of the message -- 
presumably including portions of the body -- that are not covered by the 
original DKIM signature.



This opens the door for that mediating platform to add stuff -- outside 
of what is covered by the signature -- that counts as spam or worse.



Presumably, the benefit of recovering the original signature is for the 
purpose of applying that original signer's reputation to the message 
analysis.  But there is new content they had nothing to do with.


So at least two items flow from this:

1. Any site that modifies the substance of a message(*) must add its
   own signature and facilitate determining what the changes are it made.
2. Any mechanism that does the desired reversals needs to work across a
   series of changes, so that each change agent can be identified and
   their changes attributed to them.  Nested accountability.
3. Recipients are still going to blame the original author for the
   problematic content.

OK.  Fire away.


d//


ps. Work in email protection has generally not included careful 
documentation of the attacks being protected against.  In fact, we've 
tended to pursue a mechanism mostly because it feels inuitively obvious 
that it will be useful.  But we never follow through and document /how/ 
it will be useful.
     We should do something about that, so that each mechanism is 
clearly associated with the attacks it is relevant to (and how), and its 
efficacy is easily assessed.



(*) "Substance of a message" will, of course, need careful and precise 
definition.



--
Dave Crocker

Brandenburg InternetWorking
bbiw.net
bluesky: @dcrocker.bsky.social
mast: @dcrocker@mastodon.social

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org






















					Reply via email to