[ietf-dkim] list expanders (was Re: chained signatures, was l= summary)
Charles Lindsey
chl at clerew.man.ac.uk
Mon Jun 22 02:51:30 PDT 2009
On Fri, 19 Jun 2009 17:55:57 +0100, Douglas Otis <dotis at mail-abuse.org>
wrote:
> On Jun 19, 2009, at 4:29 AM, Charles Lindsey wrote:
>> But either way, there is no suspicion that the A-R was added by the
>> spammer, or any other agent prior to the ML site, so no reason to
>> doubt the truth of what it attested (except for Conspiracy Theorists
>> who doubt everything - and the best way to placate Conspiracy
>> Theorists is to give them the evidence that proves their vivid
>> imaginations are wrong - in this case by signing the A-R header).
>
> It is dangerous to consider A-R headers of unknown origins as somehow
> inherently safe......
Unless they are included in a signature.
An A-R record always includes an indication of the domain that purported to
have placed it there. If it is signed by that same domain (as would be the
case in the scenarios we are discussing), then more reliance can be placed
on it (depending on your opinion of that signer - but your opinion of the
manager of a mailing list you have subscribed to is likely to be quite
high).
I agree that an unsigned A-R is dubious, but even then if it purports to
have been placed there by a domain which
a) the message has been passed through, and
b) you are prepared to trust to have removed any pre-existing bogus A-R
purporting to have been placed there by that domain
then it should be pretty safe (and this was indeed the case for the
example we were discussing).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
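The two criteria above (an A-R carries weight when the domain it names also signed it, otherwise only when a trusted transit domain placed it and is trusted to strip forgeries in its name) as an added example, not code from the post or from any DKIM implementation; it assumes the DKIM signature has already been cryptographically verified and that the trusted_transit set comes from the reader's own policy:

```python
# Added example (not from the post): classify Authentication-Results (A-R) headers by
# Lindsey's criteria. The DKIM signature is assumed already verified; no crypto is done here.
import re
from dataclasses import dataclass

@dataclass
class ARVerdict:
    authserv_id: str      # domain the A-R claims to come from
    covered: bool         # this instance is within the signature's h= list
    signer_matches: bool  # covered and signed by that same domain
    trusted: bool         # meets either criterion

def parse_tags(value):
    """Split a DKIM-Signature tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = re.sub(r"\s+", "", v)
    return tags

def classify_ar(headers, trusted_transit, signature_verified=True):
    """headers: (name, value) pairs, top of the header block first. trusted_transit: domains the
    message passed through that are trusted to strip forged A-R in their name (assumption)."""
    sig = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    signer, n_covered = None, 0
    if sig and signature_verified:
        tags = parse_tags(sig)
        signer = tags.get("d", "").lower()
        # DKIM (RFC 6376 s.5.4.2) picks signed fields bottom-up, one instance per
        # listed name, so N mentions of the name cover the N bottom-most A-R headers.
        n_covered = tags.get("h", "").lower().split(":").count("authentication-results")
    ars = [(i, v) for i, (n, v) in enumerate(headers) if n.lower() == "authentication-results"]
    covered_idx = {i for i, _ in ars[-n_covered:]} if n_covered else set()
    verdicts = []
    for i, v in ars:
        authserv = (v.split(";", 1)[0].split() or [""])[0].lower()  # authserv-id, version dropped
        covered = i in covered_idx
        match = covered and authserv == signer
        verdicts.append(ARVerdict(authserv, covered, match, match or authserv in trusted_transit))
    return verdicts

# Constructed headers: the list signs its own A-R and (h= names the field twice) a forged one left lower down.
SAMPLE_HEADERS = [
    ("DKIM-Signature", "v=1; a=rsa-sha256; d=lists.example; s=ml;\r\n"
                       " h=from:authentication-results:authentication-results; bh=X; b=Y"),
    ("Authentication-Results", "lists.example; dkim=pass header.d=sender.example"),
    ("Authentication-Results", "bank.example; dkim=pass header.d=bank.example"),
    ("From", "someone@sender.example"),
]
```

Note that a signer naming the field only once covers the bottom-most A-R, which may be the forged one rather than its own; the second check in the tests shows that case.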