On Tue, Feb 4, 2025 at 12:33 PM Dave Crocker <d...@dcrocker.net> wrote:

> Folks,
>
> This is meant as a technical thread and it has /nothing/ to do with the
> chartering discussion.
>
> But a stray thought occurred to me and has been bugging me.  So I'm
> looking for some other folk to consider it and elaborate upon it.  Finding
> substantive points that serve to refute the concern is entirely fine.
>
> So...
>
> Premise:  We have a capability for 'preserving' a DKIM signature, by being
> able to reverse out changes made by mailing lists, and the like.  So a
> final receiver's filtering engine can validate the author's originating
> DKIM signature.
>
> The nature of reversing means taking away changes made along the extended
> path.  It means that there are portions of the message -- presumably
> including portions of the body -- that are not covered by the original DKIM
> signature.
>
> This opens the door for that mediating platform to add stuff -- outside of
> what is covered by the signature -- that counts as spam or worse.
>
> Presumably, the benefit of recovering the original signature is for the
> purpose of applying that original signer's reputation to the message
> analysis.  But there is new content they had nothing to do with.
>
> So at least two items flow from this:
>
>    1. Any site that modifies the substance of a message(*) must add its
>    own signature and facilitate determining what the changes are it made.
>    2. Any mechanism that does the desired reversals needs to work across
>    a series of changes, so that each change agent can be identified and their
>    changes attributed to them.  Nested accountability.
>    3. Recipients are still going to blame the original author for the
>    problematic content.
>

I think 1) and 2) are exactly right and email receivers' spam filters can
make use of that more precise attribution information.  Each originator or
forwarder has to own the entire message that leaves its system.  Forwarders
facilitate reversing their changes to recover any prior hop's message
that can then be verified.  To your point below, we might say that
the receiver has some sort of history mechanism where that attribution is
used.  3) is likely true.  I've heard that there are ideas around UI
proposals that might be able to distinguish the different contributions.
-Wei

>
>
> OK.  Fire away.
>
>
> d//
>
> ps. Work in email protection has generally not included careful
> documentation of the attacks being protected against.  In fact, we've
> tended to pursue a mechanism mostly because it feels intuitively obvious
> that it will be useful.  But we never follow through and document /how/ it
> will be useful.
>      We should do something about that, so that each mechanism is clearly
> associated with the attacks it is relevant to (and how), and its efficacy
> is easily assessed.
>
> (*) "Substance of a message" will, of course, need careful and precise
> definition.
>
>
> --
> Dave Crocker
>
> Brandenburg InternetWorking
> bbiw.net
> bluesky: @dcrocker.bsky.social
> mast: @dcrocker@mastodon.social
>
> _______________________________________________
> Ietf-dkim mailing list -- ietf-dkim@ietf.org
> To unsubscribe send an email to ietf-dkim-le...@ietf.org
>
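
The reversal and per-hop attribution discussed in this thread, sketched as an added example that is not part of the thread or of any proposal. The change-record format, agent names and message bodies are hypothetical and constructed; only the body hash follows RFC 6376 ("simple" canonicalization, SHA-256), and each hop signing its own record is assumed and not shown.

```python
import base64
import hashlib

def body_hash(body: bytes) -> str:
    """DKIM bh= value: RFC 6376 'simple' body canonicalization, SHA-256, base64."""
    while body.endswith(b"\r\n\r\n"):      # ignore empty lines at the end
        body = body[:-2]
    if not body.endswith(b"\r\n"):         # empty or unterminated body gets one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def forward(body: bytes, agent: str, prefix: bytes = b"", suffix: bytes = b""):
    """A mediator adds content and emits a (hypothetical) record of what it added."""
    record = {"agent": agent, "prefix_len": len(prefix), "suffix_len": len(suffix)}
    return prefix + body + suffix, record

def attribute(body: bytes, records: list, original_bh: str):
    """Undo the records newest-first.

    Returns (original_verified, {agent: bytes that agent added}). Content that
    no record accounts for makes the recovered body hash mismatch bh.
    """
    added = {}
    for rec in reversed(records):
        p, s = rec["prefix_len"], rec["suffix_len"]
        if p + s > len(body):              # record claims more than is present
            return False, added
        end = len(body) - s
        added[rec["agent"]] = body[:p] + body[end:]
        body = body[p:end]
    return body_hash(body) == original_bh, added

# Constructed sample: an author's body passing through two mediators.
ORIGINAL = b"Hello list,\r\nSee you Friday.\r\n"
ORIGINAL_BH = body_hash(ORIGINAL)          # what the author's signature carries

if __name__ == "__main__":
    m1, r1 = forward(ORIGINAL, "list-a.example", suffix=b"-- \r\nlist-a footer\r\n")
    m2, r2 = forward(m1, "list-b.example", prefix=b"[scanned]\r\n")
    ok, added = attribute(m2, [r1, r2], ORIGINAL_BH)
    print("author signature recoverable:", ok)
    for agent, content in added.items():
        print(agent, "added", content)
    # Content added without a record: the original no longer verifies.
    print(attribute(m2 + b"unrecorded text\r\n", [r1, r2], ORIGINAL_BH)[0])
```

The recovered body carries the author's reputation; everything in the returned mapping belongs to the named mediator and can be scored against that mediator instead.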