[ietf-dkim] Re: Role of Sender header as signing domain
chl at clerew.man.ac.uk
Thu Nov 30 02:55:07 PST 2006
On Wed, 29 Nov 2006 16:50:24 -0000, william(at)elan.net <william at elan.net>
> On Wed, 29 Nov 2006, Charles Lindsey wrote:
>> On Tue, 28 Nov 2006 15:42:11 -0000, Scott Kitterman
>> <ietf-dkim at kitterman.com> wrote:
>>> 2822.From is the only identity that is reliably displayed to the end
>> I utterly fail to see why what is displayed to the user is of the least
> Charles is correct. The way protocol is layed down right now what is
> displayed to the user is irrelevent to the core. It only becomes relevent
> with the the policy part which is supposed to be the one trying to
> against phishing. Also note that any MUA-based anti-spam systems that may
> use the core would look at what it says and therefore if other header
> like Sender is listed its quite likely to be displayed.
Ah! I think I see now what Scott and Eliot are getting at. Suppose we have:
From: joe at foo.com
Sender: joe at bar.com
with good signature by bar.com
The verifier informs the recipient that the message was signed by bar.com,
and is confused because he sees no header mentioning bar.com. Or it
reports a failed signature by bar.com, and the user is even more confused.
I.e., he is supposing that the user is merely informed of what signatures
are present and it is left to him to inspect the displayed headers to see
whether he needs to be alarmed.
I find that a very poor way of communicating to the user, as others have
pointed out (though I don't go along with Doug's expectation that the
user's MUA will go trawling through his address book). So let us step back
a moment and see how this communication might take place.
There are two cases:
1. The MUA has been specially adapted to work with DKIM
2. The MUA has not been specially adapted
We are supposed to be designing a system which will work with existing
MUAs (i.e. case 2), so in that case the verifier's policy module can only
communicate with the user via the body of the message - rather like those
irksome systems which add long paragraphs to the end of messages to inform
you of all the viruses they did or didn't detect.
So in that case it is up to the policy module to describe its suspicions
in a manner the user can understand whether he can see all the relevant
headers or not.
So it might say
"This message was sent by joe at bar.com (good signature by bar.com) but
should notice that the From: address made no mention of bar.com."
"This message was sent by joe at bar.com apparently on behalf of
joe at foo.com,
but there is no valid signature from either of them."
OTOH, if one can assume an adapted MUA as in case 1, then presumably the
communication could be by some other channel (possibly using the headers),
but such an MUA would, in any case, display all headers relevant for
understanding the report from the policy module, including the Sender if
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim