Re: Thoughts on third-party signatures

From: Todd Lyons <tlyons_at_ivenue.com>
Date: Wed, 15 Sep 2010 11:23:40 -0700

On Tue, Sep 14, 2010 at 9:05 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> So what do people think about this issue?  Let's say you get a piece of
> email that's signed only by a third-party signature that validated.  Do you
> treat it differently?  What if it had both?

Currently do not treat it differently. Am not really making decisions
to discard messages with failed signatures.

> Let's say you could get a score for a domain name found in a signature, and
> it had two signatures with different scores.  Which one "wins"?

Averaging the two together seems the better answer. But then how to
factor this back into the data that came up with the reputations (i.e.
the two different scores).... It doesn't seem clean because one's
good reputation is mangled by the lower reputation.

> There is currently a mechanism by which the owner of the From: domain can
> say, "If you get mail that claims to be From: us but doesn't contain a valid
> signature from us, throw it away."  There is not currently a way to extend
> that to say "Signatures from alternate domains D1, D2, ..., Dn are also OK."
>  Does anyone think that would be useful?  Would you use it if it existed?

I don't think many would. Places like paypal or big hosting services
could, but for the average end user (99% of my use cases) it will not
make any difference.

> A lot of the work of the working group is currently stalled.  There are lots
> of theories about the way things should work or what terrible things will
> happen if we do or don't do something.  What we need is both fresh opinions
> from people not already mired down in the work that actually use the stuff
> (i.e., most of you!), and some actual data to back up those claims (which is
> a huge reason for all the OpenDKIM statistics work lately).  That's leading
> me to wonder if we shouldn't conduct some experiments in this area, based on
> your feedback, so we can go back to the working group and say "Well, we
> tried it, and here's what we saw."

I think enumeration of the scenarios is a better way to get opinions.
These are the ones I can think of:

1. I send an unsigned email direct to a recipient.
2. I send a signed email direct to a recipient that sig passes.
3. I send a signed email direct to a recipient that sig fails.
4. Someone sends an unsigned, forged email as me direct to a recipient.
5. Someone sends a signed by them, forged email as me direct to a
recipient and the sig passes.
6. Someone sends a signed by them, forged email as me direct to a
recipient and the sig fails.
7. I send a signed email to a mailing list, it sends it out to a
recipient and the sig passes.
8. I send a signed email to a mailing list, it sends it out to a
recipient but the sig fails.
9. I send a signed email to a mailing list, it signs it and sends it
out to a recipient, both sigs pass.
10. I send a signed email to a mailing list, it signs it and sends it
out to a recipient, ML sig passes, but my sig fails.

ADSP takes care of 1, 2, 3, 4. ADSP can interfere with 7, 8, 9, 10.
I have less control over 5 or 6 because, as you stated, there is no
way for me to say that I will or will not allow my emails to be
resigned (and by who if we get to that level of granularity).

Maybe there can be a simple addition to the ADSP:
  resign=POLICY;
where POLICY can be one of discardable, accept, etc.

But that still doesn't let you specify *WHO* can resign your email and
take responsibility for it. I don't like anything I could imagine in
that line of thinking.
-- 
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurelius
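The ten scenarios enumerated in the reply above, together with the hypothetical `resign=POLICY` ADSP tag it proposes, as a worked policy evaluation on the verifier side. This is an added example, not code from the thread or from OpenDKIM: the domain names are constructed, the `resign_policy` parameter and the "suspicious" disposition are assumptions made here, and only the three ADSP values (`unknown`, `all`, `discardable`) come from RFC 5617.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# ADSP (RFC 5617) author domain signing practices.
ADSP_POLICIES = ("unknown", "all", "discardable")


@dataclass
class Signature:
    """One DKIM-Signature header as seen by the verifier."""
    domain: str   # the d= tag (signing domain)
    valid: bool   # did the signature verify?


@dataclass
class Message:
    from_domain: str            # domain of the From: header
    signatures: List[Signature]


def evaluate(msg: Message, adsp_policy: str, resign_policy: Optional[str] = None) -> str:
    """Return a disposition: "accept", "discard" or "suspicious".

    resign_policy models the hypothetical ADSP tag resign=POLICY from the
    thread (an assumption, not a published tag): when it is "accept", a valid
    signature from any other domain substitutes for the author's own
    signature. Nothing lets the author restrict *which* domains may re-sign.
    """
    if adsp_policy not in ADSP_POLICIES:
        raise ValueError(f"unknown ADSP policy: {adsp_policy}")
    author_valid = any(s.valid for s in msg.signatures if s.domain == msg.from_domain)
    third_valid = any(s.valid for s in msg.signatures if s.domain != msg.from_domain)

    if author_valid:
        return "accept"        # author domain signature verified
    if third_valid and resign_policy == "accept":
        return "accept"        # hypothetical resign= tag satisfied by a third party
    if adsp_policy == "discardable":
        return "discard"       # author says: no valid signature from us -> throw away
    if adsp_policy == "all":
        return "suspicious"    # author signs everything, but nothing here proves it
    return "accept"            # "unknown": ADSP gives no guidance


def combined_reputation(scores: Dict[str, float], signatures: List[Signature]) -> Optional[float]:
    """Average the reputation of every domain whose signature verified, the
    approach suggested in the reply. A low-reputation co-signer drags a
    high-reputation author down, which is the drawback noted there."""
    valid = [scores[s.domain] for s in signatures if s.valid and s.domain in scores]
    return sum(valid) / len(valid) if valid else None


# Constructed domains for the author, a mailing list and a forger.
AUTHOR, LIST, FORGER = "example.com", "lists.example.net", "forger.example.org"

# The ten scenarios from the reply, as the verifier sees them. Scenarios
# 1 and 4 (and 2 and 7) are indistinguishable on the wire.
SCENARIOS: Dict[int, List[Signature]] = {
    1: [],
    2: [Signature(AUTHOR, True)],
    3: [Signature(AUTHOR, False)],
    4: [],
    5: [Signature(FORGER, True)],
    6: [Signature(FORGER, False)],
    7: [Signature(AUTHOR, True)],
    8: [Signature(AUTHOR, False)],
    9: [Signature(AUTHOR, True), Signature(LIST, True)],
    10: [Signature(AUTHOR, False), Signature(LIST, True)],
}


def run_scenarios(adsp_policy: str = "discardable",
                  resign_policy: Optional[str] = None) -> Dict[int, str]:
    """Evaluate every scenario for an author publishing the given ADSP policy."""
    return {n: evaluate(Message(AUTHOR, sigs), adsp_policy, resign_policy)
            for n, sigs in SCENARIOS.items()}


if __name__ == "__main__":
    for n, disposition in run_scenarios().items():
        print(f"scenario {n:2d}: {disposition}")
    print("with resign=accept:", run_scenarios(resign_policy="accept"))
```

With `dkim=discardable` and no `resign=` tag, scenarios 1, 3 and 4 are discarded (ADSP doing its job), but so are 8 and 10, the mailing-list cases where only the author's signature broke in transit. Adding `resign=accept` rescues scenario 10, yet it also accepts scenario 5, the forgery signed by an unrelated domain, because the tag cannot name who is allowed to re-sign.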
Received on Wed Sep 15 2010 - 18:23:50 PST
