[ietf-dkim] SSP and mailing lists
Thomas A. Fine
fine at head.cfa.harvard.edu
Mon Sep 11 14:01:21 PDT 2006
bill.oxley at cox.com wrote:
>It may well be unenforcable. If I send an email directly to
>stephen.farrell at cs.tcd.ie signed and with the SSP record of
>> "I sign all email, and do NOT permit email through any body or
>> signature altering gateways"
>I will open a session on port 25 at mx.cs.tcd.ie and hope that the
>receiving mta does not add its own sig to the message before depositing
>it to the inbox. Local rules might require the additional sig to ensure
>that the inbox only gets mail from the edge mta. Now if Stephen is using
>one of Doug's dkim aware MUA's that "see's" 2 signatures where only one
>should be might flag the message with a red warning "suspicious mail
>lies here" or inform Stephen that the message was deleted because the
>SSP didn't match.
Some different thoughts/questions on this one.
First, is this really likely? Shouldn't such validation be handled
in the context of a closed network?
Second, does adding a new signature alter the original signature?
If not, then that would be fine.
Third, if the signature(s) verify, then would the policy even be
checked? It's not in the single-sig context. This leads back to
the unenforceable thing - you could always remove the original unremovable
signature, sign it again, and since the policy isn't checked, no one
would be the wiser. Perhaps this is an argument for having policy-first
in effect all the time.
Finally, how is an MUA or an MTA supposed to validate mail that has more
than one signature? Does it validate all of them, or only the outermost?
More information about the ietf-dkim