[ietf-dkim] Not exactly not a threat analysis

[Jim Fenton]

Going back a lot of messages, but only a few hours (apologies if I'm 
beating a dead horse):

Keith Moore wrote:

> Part of the idea that DKIM seems to propose is that more than one 
> party can potentially sign a message.  For instance, an author might 
> sign a message, or a list might sign the same message. But different 
> parties mean different things when they sign the message.  If the 
> author signs a message, it means "I wrote this".  If a list signs a 
> message, it means "I sent this".

But DKIM never gives an assertion of authorship (use PGP or S/MIME for 
that).  Even if there is a valid signature that is associated with the 
origination address, it means "the supposed author's domain authorized 
this message".

This goes to what we have been very generically calling first-party and 
third-party signatures.  The original submission of a message would 
normally result in a first-party signature from the supposed author's 
domain.  A mailing list would apply a third-party signature, which can 
be distinguished by the fact that i= does not match the originator's 
address.  There are other circumstances where third-party signatures 
would be applied as well, but I can't think of why it would be 
significant whether the third-party signer is a mailing list, some other 
resender, or a greeting card or something.

BTW, a good reason for the local-part on i= is that it if the original 
purported author and the mailing list are in the same domain, it's still 
possible for the list to apply a signature and not have it look like a 
first-party signature.

Is there other significance to signature semantics that is needed that 
is not conveyed by the comparison of i= to the originator address?

-Jim