On 5/10/2010 12:43 PM, John R. Levine wrote:
>> On 5/7/2010 10:07 AM, John R. Levine wrote:
>>> No, all it says is "we signed this mail." A signer with a good
>>> reputation will presumably rarely sign mail where the From: address
>>> actively misidentifies the sender, but that's a second order effect.
>> "misidentifies" covers quite a lot.
>
> I used it to mean that the From: address doesn't have a reasonable
> connection to any of the persons or entities that composed the message,
> for some reasonable definition of reasonable.
>
>> If I send mail from bbiw.net (well, actually, sbh17.songbird.com is my
>> standard MSA) but label the From: field as being gmail.com, that's
>> reasonable to classify as "misidentifying" the From: address, since
>> songbird has nothing to do with gmail.
>
> No, that's not misidentification. It may be something else, but we need
> more precise terminology, preferably that avoids loaded terms like
> "forgery".

Your restricted model is entirely reasonable, but it does not match what many others in the community appear to mean. Note the frequent (mis-) use of the word "forged". So we need to be especially careful when introducing a pejorative label. In particular, we need to be careful about the likely understanding of that label by readers.

>> Operator-based signing is typically meaning that the message was
>> posted by an authorized user. There's absolutely no implication that
>> the operator checked or enforced the contents of the From: field.
>
> That entirely depends on what you know about the signer. Two of the
> largest signers, Google and Yahoo, mechanically check that the user
> receives mail at the From: address. One of the smallest, me, knows his
> users well enough to be confident that they won't do hostile address
> fakery even though I don't enforce anything mechanically beyond adding
> trace headers. I have other opinions about other signers.

Requiring that verifiers know extensive details about the signing policies for all of the signatures they see doesn't scale.

> So here's a scenario. Let's say I run a political satire mailing list,
> to which members contribute wacky messages pretending to be from famous
> people like bi...@microsoft.com or sa...@elysee.fr. I use some technique
> not visible in the outgoing mail to ensure that the contributions are
> from list members (perhaps a password that's stripped out.) Of course
> the list puts a shiny new DKIM signature on all its mail. The list is
> triple opt-in with a cherry on top, and the subscribers await each list
> message all agog. Filter that.

I wouldn't want to. I /like/ that sort of mail...

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
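
An added illustration, not part of the original message or any poster's code: the sketch below reads the signer domain from each DKIM-Signature d= tag and reports how it relates to the From: domain, which is the only relationship a verifier can see without knowing the signer's policy. It does not verify the signature cryptographically. The domains, the sample message and the function names are constructed for the example, and the subdomain comparison is a simplification that ignores the public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def relation(signer, author):
    """Neutral description of signer vs. From: domain (hypothetical labels)."""
    if signer == author:
        return "same"
    # Simplification: plain suffix match, no public suffix list lookup.
    if author.endswith("." + signer) or signer.endswith("." + author):
        return "related"
    return "unrelated"

def signer_report(raw):
    """Return (signer d=, From: domain, relation) for every signature present."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        d = parse_tag_list(sig).get("d", "").lower()
        if not d:
            continue  # malformed signature: no responsible domain stated
        report.append((d, author, relation(d, author)))
    return report

# Constructed message modelled on the mailing list scenario quoted above:
# the list signs everything it sends, whatever the From: field says.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=list.example; s=sel1;\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=Famous.Example; s=k1;\n"
    "\th=from; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Famous Person <someone@mail.famous.example>\n"
    "To: subscribers@list.example\n"
    "Subject: satire\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for signer, author, rel in signer_report(SAMPLE):
        print(f"signed by {signer}; From: domain {author}; relation: {rel}")
```

An "unrelated" result says only that the signing domain takes responsibility for the message; whether the From: field is acceptable is a separate judgement about that signer.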