[ietf-dkim] Re: 99.6%
hsantos at santronics.com
Fri Dec 21 19:43:49 PST 2007
Douglas Otis wrote to Michael Thomas:
> Mailing lists removing _invalid_ signatures will not impact results
> obtained with mailing-list permissive settings. Removing invalid
> signatures better ensures evaluation of valid signatures.

That depends, Doug.

As a Mailing list server author, there are some major redesign
considerations here, especially where SSP is concerned.

There is no way we would not consider all or part of the following for
our List Server DKIM/SSP logic.

If the list admin wishes to do any one of the many long time
common MLS features that essentially alters the originality of
the new list message, and it wishes to provide protocol consistency for
the DKIM domain, then it must consider the following:

1) As part of the list subscription verification process, the
   MLS will verify that the subscribing domain is not restricted
   via SSP by performing a simple lookup.

   1a) If the policy is STRICT, the subscription will be denied IFF
       the list is not prepared to alter the integrity of the message.
       It will behave as a simple passthru redistribution mailer.

   1b) If the policy is ALL, then this allows the MLS to:

       - leave the message alone if it's not going to alter the
         integrity of the message, or

       - strip the original signature IFF it is prepared to
         resign. Although DKIM-BASE has semantics to say only
         one signature is required to be valid, this option
         may help minimize downlink issues.

   1c) If the policy is UNKNOWN (optional), then this is where
       the complexity might begin since the MLS can create
       false positives. We might not even worry about DKIM
       domains without SSP or those with direct DKIM=UNKNOWN
       policy. Ignore them completely and let the download
       handle it. But I can also see the logic to maybe:

       - Leave the SIGNED message alone (valid/invalid) if it's
         not going to alter the integrity of the message, or

       - Strip the VALID original signature IFF it is going to
         alter the message and not resign.

Overall, I think:

If the MLS sees the arrival of a new submission with an invalid
signature, I don't think the MLS should attempt to "promote" it to a
state where it could be viewed as an optional signing. If you strip it,
then you might do more harm than good here.

If the new list message arrives with a valid signature, then what
happens next depends on whether the MLS is altering the message, and/or
the DOMAIN has a SSP policy that is restrictive.

If the new list message arrives with no signature, then depending on the
SSP, the MLS logic can be easily defined.

The whole point is that ideally, the MLS can be made to be protocol
consistent with DKIM/SSP.

Now is that feasible? Is it asking too much of list servers?

Those (MLS people) who need it will do what it takes to make it work.
Others might not.

Hector Santos, CTO
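
The decision rules in the message above, written out as an added Python example (not code from the post or from any list server). The function names, the action strings, treating a domain without SSP as UNKNOWN, and the reading of 1a as "a STRICT domain may subscribe only to a pass-through list" are assumptions; the SSP lookup itself is not shown and the policy is passed in.

```python
from enum import Enum

class Policy(Enum):
    STRICT = "strict"
    ALL = "all"
    UNKNOWN = "unknown"   # assumption: also used for a domain with no SSP record

class Sig(Enum):
    NONE = "none"
    VALID = "valid"
    INVALID = "invalid"

def allow_subscription(policy, list_alters):
    """Step 1/1a. Assumed reading: a STRICT domain may subscribe only to a
    list that redistributes messages unaltered (pass-through)."""
    return not (policy is Policy.STRICT and list_alters)

def handle_signature(policy, sig, list_alters, list_resigns):
    """Return 'keep', 'strip' or 'refuse' for the original DKIM signature."""
    if not allow_subscription(policy, list_alters):
        return "refuse"      # assumption: such a sender never got past step 1
    if not list_alters or sig is Sig.NONE:
        return "keep"        # pass-through list, or nothing there to strip
    if sig is Sig.INVALID:
        return "keep"        # "Overall": do not strip an invalid signature
    if policy is Policy.ALL:
        return "strip" if list_resigns else "keep"   # 1b: strip IFF re-signing
    return "keep" if list_resigns else "strip"       # 1c: strip IFF not re-signing

if __name__ == "__main__":
    # Constructed cases: a list that alters messages (e.g. adds a footer),
    # shown with and without re-signing.
    for resigns in (True, False):
        for policy in Policy:
            for sig in Sig:
                action = handle_signature(policy, sig, True, resigns)
                print(f"resign={resigns} {policy.name:8} {sig.name:8} -> {action}")
```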