On Mon 24/Mar/2025 19:21:23 +0100 Murray S. Kucherawy wrote:
On Mon, Mar 24, 2025 at 10:53 AM Michael Thomas <m...@mtcc.com> wrote:
Out of curiosity would, say, a mailing list that breaks the original
signature but signs on the mailing list's behalf count as "signed"? At some
level DKIM is about taking responsibility for a message so something that a
mailing list signed is who you'd blame and/or hang some reputation off of.
If that were the case, it seems that could be workable although I'd be
really scared about the collateral damage. But they'd know what it would
be, so they'd have an informed view of things.
I take it that a list invalidating an author domain signature would sign as
itself while also declaring what mutations it made, and downstream
verifiers can decide (a) if the list signature is still satisfied, (b)
whether the declared mutations are acceptable, and (c) if they're
reversible such that the author domain signature can be recovered.
What I'm less clear on is how one identifies a legitimate mutation or a
legitimate list, versus a participating attacker claiming to be one of
those things.
IMHO, legitimate mutations have to be a class of of transformations such as,
for example, the ones described in your dkim-transform draft, with specified
types and length limits. Whatever the modification algebra, the transformation
class should be trivially identifiable.
The legitimacy of a list can only be determined by participating in the
subscription and confirmation operation. Lists are not /legitimate/ in general.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
