[ietf-dkim] A few SSP axioms
stephen.farrell at cs.tcd.ie
Wed Aug 2 06:09:08 PDT 2006
Yet another claim of utility with no demonstration!
I do agree that we have to cater for an imperfect world,
but you have yet to demonstrate a case where that makes
it bad to add signatures to a signed message (from a
bank or whatever).
Why don't you(*) just show me the benefit? If its because
you think this should be useful but aren't sure exactly
how, then that's fine, just say so and the WG can take
that into account when evaluating which requirements to
(*) By "you" I don't mean just you personally, but all
the folks on the list that are arguing for this.
Hector Santos wrote:
> ----- Original Message -----
> From: "Stephen Farrell" <stephen.farrell at cs.tcd.ie>
> To: "John Levine" <johnl at iecc.com>
>> John Levine wrote:
>>> If you disagree, you really have to provide a concrete scenario where
>>> an added signature turns a valid message into an invalid one, keeping
>>> in mind that the existing message headers and the messge body did not
>>> change at all, since the original signature is still good.
>> Sorry to keep hammering on about this, but I'd really like to see this
>> answered. So far it hasn't been and I believe the WG wouldn't be wise
>> to adopt requirements where we've only got claims of utility but no
>> demonstrations of utility.
> The demonstation of utility is a digital mail signature model based on some
> c14n and hashing of mail - a concept that deals directly with mail integrity
> John wants to know how a 2nd signature could invalid an already valid
> message. This is really based on a "Good Citizen" model where everything is
> done correctly.
> He prepared all process conditions so that there is no integrity issues. So
> no harm is done. Everything works fine.
> But what happens when all or some conditions are not set? There is a change
> in the body? The original signature was stripped? Or just about anything we
> don't know, but the OA did not expect any of this to happen?
> Thats the challenge here.
>> PS: Just wondering. Is this a case where people are thinking that
>> just because a signature is a positive thing, that there must exist
>> a meaningful opposite - an anti-signature or something?
> HA! <g>
> Why not try the reverse the question? Show when it doesn't cause in harm?
> John told us. When the universe is perfect. :-)
>> Well, this
>> isn't particle physics (luckily!) and afaik there is no such
>> construct as a negative signature. (Yes a signature can be over a
>> negative statement, but DKIM-base signatures sign mail, not policy
>> assertions.) So a policy/practice statement that even implies that
>> some signatures are anti-signatures makes no sense. (At least in
>> my Universe:-)
> The "grass" is indeed greener over the pond. <g>
> The perfect DKIM universe is wonderful. I think this is why people are
> excited about. The potential is high for success among all parties, the
> small and the large, the ISP, ESP and the users, etc.
> But in my view, the perfect DKIM universe is not reality. There are going to
> be attempt to break john's perfect message scenario.
> If we have history to work with here, there is a strong indication that the
> DKIM universe will not always be perfect.
> The question is how do you handle imperfection. Is it worth handling it?
> So as you know, for me, DSAP was done as a concern about the security
> concerns of the core DKIM-BASE protocol when the universe is not so perfect:
> "The main objective of DSAP is to establish a
> protocol consistency between all client types and to use the
> deviation from the consistency as part of a failure detection system."
> I think that trying to define requirements does requires an understanding of
> what the signature security concerns for DKIM-BASE protocol. It begins
> there, in my view. What are the possible signature security problems?
> Hector Santos, Santronics Software, Inc.
More information about the ietf-dkim