On Mon, Jul 1, 2013 at 12:24 PM, Michael Deutschmann <mich...@talamasca.ocis.net> wrote:
> On Mon, 1 Jul 2013, Alessandro Vesely wrote:
> > Well, not really. MAIL FROM: is only visible after delivery, so to
> > avoid dangling signatures one should store its value in some other
> > header field or... in the i= tag.
>
> ITYM "only visible *before* delivery"
>

He means "after". There is no guarantee that the MAIL FROM address appears anywhere in the signed content of the message; its addition to Received is non-standard, and although RFC5321 says the addition of Return-Path at the time of delivery is mandatory, there are some legacy systems that don't insert it. If the sender inserts it, it could be removed or replaced in transit or upon delivery, invalidating the signature.

One could do what you're talking about by inventing a DKIM canonicalization that includes the MAIL FROM address in one of the two hashes DKIM generates to produce its signature. That's easy enough. I'd like to know what the gain is, however. As far as I can tell, by itself, that simply ensures the same content re-injected anywhere will not produce a "valid" result unless the MAIL FROM is unchanged. It seems to me this renders your scheme even more sensitive to failures than DKIM already is. Specifically, a mailing list server that resends the message byte-for-byte identical to the original and only changes the envelope will cause the signature to be invalid, while DKIM will survive such re-mailing.

> It does mean that if the mail passes through an SPF Sender Rewriting
> Scheme forwarder, then it will end up with an unbroken but irrelevant
> signature. Even if that forwarder knows about EDSP, it can't strip the
> signature because it can't know that it isn't there to serve a different
> accessory protocol yet to be invented. After all, most of the time MAIL
> FROM: = From:, so the signature added for the sake of EDSP will
> simultaneously be serving ADSP or DMARC.
>

There are legitimate cases where this is not true, such as mailing lists (which was your original complaint about "accessory protocols").

> But I don't think that's a problem. The message will get through,
> because the forwarder now owns the MAIL FROM and it's up to him whether an
> EDSP check is needed.
>

The forwarder would have to be EDSP-aware and re-sign the message when changing the envelope. That makes a lot of assumptions about all the hosts through which the message will pass.

-MSK
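The failure mode MSK describes above (a list resending a byte-identical message with only the envelope changed), as an added Python simulation that is not code from this thread: it computes a DKIM-style simple-canonicalized body hash and a header hash, optionally mixing the MAIL FROM address into the hashed data the way the proposed envelope-bound canonicalization would, and signs with HMAC as a stand-in for RSA. The message, envelope addresses, key and the `mail-from` pseudo-header are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample message (not from the thread); CRLF line endings as on the wire.
SAMPLE_HEADERS = {
    "From": "alice@example.org",
    "To": "list@example.net",
    "Subject": "Re: EDSP and MAIL FROM",
}
SAMPLE_BODY = "Hello list,\r\n\r\nSigned content.\r\n\r\n\r\n"
# Stand-in for an RSA signing key; HMAC keeps the example self-contained.
SIGNING_KEY = b"demo-secret-not-a-real-key"


def canonicalize_body_simple(body):
    """DKIM 'simple' body canonicalization (RFC 6376 3.4.3):
    drop all trailing empty lines, ensure the body ends in exactly one CRLF."""
    body = body.replace("\r\n", "\n")
    while body.endswith("\n\n"):
        body = body[:-1]
    if not body.endswith("\n"):
        body += "\n"
    return body.replace("\n", "\r\n")


def body_hash(body):
    return hashlib.sha256(canonicalize_body_simple(body).encode()).hexdigest()


def header_hash(headers, mail_from=None):
    """Hash over From/To/Subject. When mail_from is given, the hypothetical
    envelope-bound variant also folds the MAIL FROM address into the hash."""
    lines = [f"{k.lower()}:{headers[k].strip()}\r\n" for k in ("From", "To", "Subject")]
    if mail_from is not None:
        lines.append(f"mail-from:{mail_from.lower()}\r\n")  # hypothetical, not in RFC 6376
    return hashlib.sha256("".join(lines).encode()).hexdigest()


def sign(headers, body, mail_from=None):
    data = (body_hash(body) + header_hash(headers, mail_from)).encode()
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()


def verify(sig, headers, body, mail_from=None):
    return hmac.compare_digest(sig, sign(headers, body, mail_from))


def list_remail_survives(bind_envelope):
    """A list resends the message byte-for-byte but replaces the envelope sender.
    Returns True if the signature is still valid at the recipient."""
    original_env, remailed_env = "alice@example.org", "list-bounces@example.net"
    sig = sign(SAMPLE_HEADERS, SAMPLE_BODY, original_env if bind_envelope else None)
    return verify(sig, SAMPLE_HEADERS, SAMPLE_BODY, remailed_env if bind_envelope else None)
```

Standard DKIM-style hashing survives the remailing; the envelope-bound variant does not, which is the extra fragility MSK points out.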
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html