[ietf-dkim] Re: 99.6%

Hector Santos hsantos at santronics.com
Fri Dec 21 19:43:49 PST 2007


Douglas Otis wrote to Michael Thomas:

> Mailing lists removing _invalid_ signatures will not impact results 
> obtained with mailing-list permissive settings.  Removing invalid 
> signatures better ensures evaluation of valid signatures.

That depends, Doug.

As a mailing list server author, there are some major redesign 
considerations here, especially where SSP is concerned.

There is no way we would not consider all or part of the following for 
our List Server DKIM/SSP logic.

If the list admin wishes to do any one of the many long time
common MLS features that essentially alters the originality of
the new list message, and it wishes to provide protocol consistency for 
the DKIM domain, then it must consider the following:

1) As part of the list subscription verification process, the
    MLS will verify that the subscribing domain is not restricted
    via SSP by performing a simple lookup.

1a) If the policy is STRICT, the subscription will be denied IFF
     the list is not prepared to alter the integrity of the message.
     It will behave as a simple passthru redistribution mailer.

1b) If the policy is ALL, then this allows the MLS to:

     - leave the message alone if it's not going to alter the
       integrity of the message, or

     - strip the original signature IFF it is prepared to
       re-sign.  Although DKIM-BASE has semantics to say only
       one signature is required to be valid,  this option
       may help minimize downlink issues.

1c) If the policy is UNKNOWN (optional), then this is where
     the complexity might begin since the MLS can create
     false positives.  We might not even worry about DKIM
     domains without SSP or those with direct DKIM=UNKNOWN
     policy. Ignore them completely and let the download
     handle it.  But I can also see the logic to maybe:

     - Leave the SIGNED message alone (valid/invalid) if it's
       not going to alter the integrity of the message, or

     - Strip the VALID original signature IFF it is going to
       alter the message and not re-sign.

Overall, I think:

If the MLS sees the arrival of a new submission with an invalid 
signature, I don't think the MLS should attempt to "promote" it to a 
state where it could be viewed as an optional signing.  If you strip it, 
then you might do more harm than good here.

If the new list message arrives with a valid signature, then what 
happens next depends on whether the MLS is altering the message, and/or 
the DOMAIN has a SSP policy that is restrictive.

If the new list message arrives with no signature, then depending on the 
SSP, the MLS logic can be easily defined.

The whole point is that ideally, the MLS can be made to be protocol 
consistent with DKIM/SSP.

Now is that feasible? Is it asking too much of list servers?

Those (MLS people) who need it will do what it takes to make it work. 
Others might not.

-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
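
Added example (not part of the original message, and not the author's code): one literal reading of steps 1 to 1c and the "Overall" remarks above, written as a decision function so the ALL and UNKNOWN cases can be compared side by side. The names Policy, Sig, subscription_allowed and decide are hypothetical. It assumes the SSP policy has already been looked up, reads 1a as "a STRICT domain may subscribe only to a list that passes messages through unaltered", and assumes the list adds its own signature only when it alters the message.

```python
from enum import Enum

class Policy(Enum):          # SSP result for the subscriber's domain
    STRICT = "strict"
    ALL = "all"
    UNKNOWN = "unknown"      # also used here for domains with no SSP record

class Sig(Enum):             # verification result for the incoming signature
    NONE = "none"
    VALID = "valid"
    INVALID = "invalid"

def subscription_allowed(policy, list_alters):
    """Steps 1/1a (assumed reading): STRICT domains only on pass-through lists."""
    return not (policy is Policy.STRICT and list_alters)

def decide(policy, sig, list_alters, list_resigns):
    """Return (action on the original signature, list adds its own signature)."""
    if not subscription_allowed(policy, list_alters):
        return ("deny-subscription", False)
    resign = list_alters and list_resigns   # assumption: re-sign only if altered
    if sig is Sig.NONE:
        # The message leaves the unsigned case open ("depending on the SSP").
        return ("none", resign)
    if sig is Sig.INVALID or not list_alters:
        # "Overall": never strip an invalid signature; an untouched message
        # keeps whatever signature it arrived with.
        return ("keep", resign)
    if policy is Policy.ALL:
        # 1b: strip the original IFF the list is prepared to re-sign.
        return ("strip" if list_resigns else "keep", resign)
    # Only UNKNOWN reaches here (STRICT implies an unaltered message).
    # 1c: strip the VALID original IFF altering and NOT re-signing.
    return ("keep" if list_resigns else "strip", resign)

if __name__ == "__main__":
    # Constructed inputs: an altering list, every policy/signature combination.
    for policy in Policy:
        for sig in Sig:
            for resigns in (True, False):
                print(policy.name, sig.name, "resigns" if resigns else "no-resign",
                      "->", decide(policy, sig, True, resigns))
```
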


