[ietf-dkim] Are verifiers expected to query SSP on a
hsantos at santronics.com
Mon Jul 31 13:44:52 PDT 2006
----- Original Message -----
From: "Dave Crocker" <dhc at dcrocker.net>
To: "Tony Hansen" <tony at att.com>
> I would like to see a scenario described that explains exactly
> what problem needs to be detected and why it is a compelling,
> immediate requirement.
It serves no justice to try to put all the work already done into spaghetti mail
The TA issues and discussions highlighted much of this, and I believe the
latest Threats draft also highlights much of this.
The following diagrams shown here were modeled on SSP, on which the DSAP
"fill in the holes" proposal was based:
Hopefully DSAP will be officially announced in today's batch of new IETF I-D
To answer the subject title question:
"Are verifiers expected to query SSP on a successful verify?"
My position has always been that it's a chicken-and-egg issue, and also an
implementation design consideration.
But when considering the "security" aspect of DKIM-BASE, the ideal model
calls for an SSP lookup at all times in order to secure the most obvious
possible exploitations such as:
- Sign or no sign, No mail was expected
- The mail was not signed and it was expected to be signed.
- The mail was signed and it was not expected.
- The mail was signed by 3rd party and it was not expected.
and none of these highly possible transactions requires DKIM signature
verification yet. So it can be viewed as an optimization consideration as
The debates centered around:
- Redundant DNS lookup concerns,
- Invalid signatures sufficient for non-acceptability,
- Valid OA or 3P signatures have the same level of trust.
- Multiple signatures matrices.
I think most agree that in today's world, although always a concern, the
question of redundant DNS lookups should not be a show stopper.
When "ignore invalid signatures" became the written-in-stone policy in
DKIM-BASE, this only served to highlight the need for an SSP concept.
Failures cannot be ignored.
The question of OA vs 3P was simply a matter of trust, and the long-debated
solution was a requirement to have an "allow list" somewhere. Of course, the
concern of length issues was among it.
The Multiple Signature Matrices is probably the most complex part of this
DKIM framework because it deals with the 3PS issues, the Mailing List
issues, and the mail integrity issues. Currently the DKIM-BASE model allows
for the validation of detected failure in multiple-signed messages if and
only if at least one signature is valid.
Anyway, the redundant DNS lookup concerns resurface with a multiple
My personal engineering opinion is that one failure is enough for a negative
classification. But when mixing in mailing list issues, this is probably
the only way to make DKIM work with mailing list servers (MLS).
However, as my DSAP draft proposes, we can minimize these multiple
signature mailing list problems with an SSP lookup to again avoid the most
fundamental exploitations that I outlined above. The simplest example is
an MLS pre-empting failure by confirming the DKIM usage of an email address
during the subscription process:
3.3. Mailing List Servers
Mailing List Server (MLS) applications that are compliant with DKIM
and DSAP operations SHOULD adhere to the following guidelines:
MLS subscription processes should perform a DSAP check to
determine if a subscribing email domain DSAP policy is restrictive
in regards to mail integrity changes or 3rd party signatures. The
MLS SHOULD only allow original domain policies who allow 3rd party
Message Content Integrity Change
List Servers that will alter the message content SHOULD only do
so for original domains with optional DKIM signing practices, and
they should remove the original signature if present. If the List
Server is not going to alter the message, it SHOULD NOT remove the
signature, if present.
Hector Santos, Santronics Software, Inc.
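As an added illustration (not code from the post, the DSAP draft or any DKIM implementation), the following toy model shows the policy-first ordering Hector argues for: the four "obvious exploitation" cases are decided from the sender-domain policy alone, and signature verification is only spent on mail that survives them. It also models the section 3.3 subscription pre-check. The policy vocabulary (NO_MAIL, NEVER_SIGNS, SOME, ALL, the two booleans) is a constructed placeholder, not the real SSP/DSAP record syntax.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Signing(Enum):
    """Assumed vocabulary for a domain's declared signing practice."""
    NO_MAIL = "no-mail"          # domain never sends mail at all
    NEVER_SIGNS = "never-signs"  # sends mail, never signs it
    SOME = "some"                # signs some mail (optional)
    ALL = "all"                  # signs all mail


@dataclass
class Policy:
    signing: Signing
    allow_3p: bool        # may a third party sign on this domain's behalf?
    allow_changes: bool   # may intermediaries alter the message body?


@dataclass
class Observed:
    has_signature: bool
    signer: Optional[str] # d= domain of the signature, if any


def classify(origin: str, policy: Policy, obs: Observed) -> str:
    """Policy checks first; return 'verify' only when crypto is still needed."""
    if policy.signing is Signing.NO_MAIL:
        return "reject"                    # sign or no sign, no mail was expected
    if not obs.has_signature:
        if policy.signing is Signing.ALL:
            return "reject"                # unsigned, but signing was expected
        return "accept-unsigned"           # consistent with policy, nothing to verify
    third_party = obs.signer != origin
    if not third_party and policy.signing is Signing.NEVER_SIGNS:
        return "reject"                    # signed, but signing was not expected
    if third_party and not policy.allow_3p:
        return "reject"                    # 3rd-party signature not expected
    return "verify"                        # now worth the DNS key fetch and crypto


def mls_may_subscribe(policy: Policy, list_alters_content: bool) -> bool:
    """Section 3.3 pre-check: only admit subscribers whose domain policy
    tolerates what this list will do (3rd-party signing, body changes)."""
    if not policy.allow_3p:
        return False
    if list_alters_content and not policy.allow_changes:
        return False
    return True
```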