On Tue 25/Aug/2020 20:13:46 +0200 John R Levine wrote:
> On Tue, 25 Aug 2020, Dotzero wrote:
>> I would expect there to be multiple potential approaches to identifying
>> acceptable intermediaries.
> The harder part is to decide which intermediary gets to re-sign which
> message at the time you apply the weak signature.
>> It would have to be the domain in the "To" field. It wouldn't work with
>> random unknown intermediaries. It would address the MLM issue as long as
>> the MLM domain is the same as the "To" domain when the message was
>> originally sent. It could also presumably work for vanity domains if they
>> DKIM sign. It wouldn't work for forwards on the receiver side that the
>> sender is unaware of.
> If the list is somel...@lists.foo.org, does the signature have to be
> d=lists.foo.org? How about d=foo.org?
> On the flip side, do you put a weak signature on all of your outgoing mail,
> which seems like a bad idea, or just mail that you expect to go through list
> modification? In the latter case, how do you tell? These are the scaling
> problems that I fear make this unworkable.
https://tools.ietf.org/html/draft-levine-dkim-conditional-03#section-4.1 looks
quizzical. It says:
    A small sender that doesn't know which of its mail recipients are
    likely to be forwarders might put a weak signature on all outgoing
    mail, in the expectation that few of its users' correspondents are
    likely to be malicious.
If a sender has no idea, what domain would it put in fs=, the recipient's
domain? That entails that a signing filter acts in an advanced SMTP step,
where the connection to the MX is established and the receiving domain known.
Also, in the previous paragraph:
    A sender that expects a message to be forwarded might put both a
    conventional DKIM signature and a signature with a !fs tag that
    refers to the domain name of the expected forwarder. That signature
    would typically be a "weak" signature that covers the From, To, Date,
    and Message-ID headers but does not cover the Subject header or the
    message body, so that it would remain valid even if a forwarder made
    changes typical of forwarders such as mailing lists.
I understand that nobody can prevent a sender from putting a conventional DKIM
signature, even if it expects the message to be forwarded. However, if the
scenario gets upgraded so as to consider that the sender /knows/ that the
message is going to be forwarded, then the conventional signature is pretty
useless, as forwarding will break it. How about this:
    A sender that expects a message to be forwarded might well skip putting
    a conventional DKIM signature and put just a signature with a !fs tag that
    refers to the domain name of the expected forwarder. That signature
    would typically be a "weak" signature that covers the From, Date, and
    Message-ID headers but does not cover the Subject, To, or Cc header fields,
    nor the message body.
(To: and Cc: are often reordered, which breaks signatures.)
Finally, IMHO the Security Consideration section should compare using !fs=
versus plain weak signatures. In particular, consider senders who carefully
avoid sending out weak signatures except for trusted (forwarding) recipients.
Would it be advisable to put both a plain weak signature and a signature with
!fs=? Plain weak signatures might be discarded by recipients with local
policies about l=, while v=man signatures might be discarded by unupgraded
verifiers. Putting two signatures together is rather common in the presence of
new features, e.g. those who use elliptic keys do so. What is the difference
between the risks brought on by each kind of weak signature? Answering such a
question justifies the version change.
Best
Ale
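The scenarios argued over in this message (a conventional signature versus a weak From/Date/Message-ID signature carrying a !fs tag, a list that retags the Subject, reorders To/Cc and appends a footer, and the question of whether d=foo.org satisfies !fs=lists.foo.org) can be exercised in a small script. The following is an added example, not code from the draft or from anyone in the thread. It assumes an exact-match policy for the !fs domain, a simplified relaxed canonicalization, and HMAC-SHA256 standing in for the RSA signing primitive so that it runs with the standard library only; the header selection and verification logic is what it illustrates.

```python
import hashlib
import hmac

# Constructed demo key. It stands in for the signer's RSA private key: real
# DKIM uses an asymmetric signature, HMAC only keeps this example stdlib-only.
KEY = b"constructed-demo-key"

# Header sets from the thread: a conventional signature versus the proposed
# weak one (From, Date, Message-ID only; no Subject, To, Cc, or body).
CONVENTIONAL = ("from", "to", "subject", "date", "message-id")
WEAK = ("from", "date", "message-id")


def canon_header(name, value):
    """Simplified relaxed canonicalization: lowercase name, collapse whitespace."""
    return f"{name.lower()}:{' '.join(value.split())}\r\n"


def body_hash(body, length=None):
    """bh= value; with an l= tag only the first `length` bytes count (l=0: none)."""
    data = body if length is None else body[:length]
    return hashlib.sha256(data).hexdigest()


def sign(headers, body, covered, fs=None, l=None):
    """Produce DKIM-style tags covering exactly the header names in `covered`."""
    hmap = {n.lower(): v for n, v in headers}
    tags = {"h": ":".join(covered), "bh": body_hash(body, l)}
    if l is not None:
        tags["l"] = l
    if fs:
        tags["!fs"] = fs  # conditional tag: only usable if `fs` also signs
    # Header hash input follows h= order; an absent header contributes "".
    data = "".join(canon_header(n, hmap.get(n, "")) for n in covered)
    data += "dkim-signature:" + ";".join(f"{k}={v}" for k, v in tags.items())
    tags["b"] = hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()
    return tags


def verify(headers, body, tags, forwarder_signers=frozenset()):
    """Recompute the signature; a !fs signature passes only if the named
    forwarder domain is among the verified signers (exact match assumed)."""
    covered = tuple(tags["h"].split(":"))
    expected = sign(headers, body, covered, tags.get("!fs"), tags.get("l"))
    if not hmac.compare_digest(expected["b"], tags["b"]):
        return "fail"
    if "!fs" in tags and tags["!fs"] not in forwarder_signers:
        return "fail: conditional forwarder signature missing"
    return "pass"


# Constructed sample message and a function emulating typical MLM changes.
ORIGINAL_HEADERS = [
    ("From", "ale@example.org"),
    ("To", "somelist@lists.foo.org"),
    ("Subject", "Weak signatures"),
    ("Date", "Tue, 25 Aug 2020 20:13:46 +0200"),
    ("Message-ID", "<constructed-1@example.org>"),
]
ORIGINAL_BODY = b"Hello list,\r\n\r\nthoughts on !fs?\r\n"


def list_modify(headers, body):
    """Subject tag added, To/Cc reordered, footer appended (as lists do)."""
    out = [(n, "[somelist] " + v if n == "Subject" else v)
           for n, v in headers if n != "To"]
    out.append(("Cc", "somelist@lists.foo.org"))
    out.append(("To", "subscriber@example.net"))
    return out, body + b"-- \r\nsomelist mailing list\r\n"


def demo():
    """Return verification outcomes for the scenarios discussed in the thread."""
    conv = sign(ORIGINAL_HEADERS, ORIGINAL_BODY, CONVENTIONAL)
    weak = sign(ORIGINAL_HEADERS, ORIGINAL_BODY, WEAK, fs="lists.foo.org", l=0)
    mod_h, mod_b = list_modify(ORIGINAL_HEADERS, ORIGINAL_BODY)
    return {
        # Both signatures verify on the untouched message.
        "conventional_direct": verify(ORIGINAL_HEADERS, ORIGINAL_BODY, conv),
        # List edits break the conventional signature ...
        "conventional_after_list": verify(mod_h, mod_b, conv),
        # ... but not the weak one, provided lists.foo.org itself signed.
        "weak_after_list_with_list_sig": verify(mod_h, mod_b, weak, {"lists.foo.org"}),
        # Without the named forwarder's signature the weak one is not usable.
        "weak_after_list_no_list_sig": verify(mod_h, mod_b, weak),
        # Exact-match policy (an assumption): d=foo.org does not satisfy
        # !fs=lists.foo.org, which is the open question in the thread.
        "weak_after_list_parent_domain_sig": verify(mod_h, mod_b, weak, {"foo.org"}),
        # The risk a Security Considerations comparison has to weigh: the weak
        # signature says nothing about Subject or body, so body edits survive.
        "weak_with_replaced_body": verify(
            ORIGINAL_HEADERS, b"different body\r\n", weak, {"lists.foo.org"}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:36s} {result}")
```

The last result is the point of the requested risk comparison: a plain weak signature with the same h= list would verify just as well on the replaced body, but without the !fs condition nothing ties its acceptance to the forwarder the sender had in mind.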
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc