[ietf-dkim] MLMs and the use of multipart/alternative to preserve original DKIM signature and at the same time add a new DKIM signature
iane at sussex.ac.uk
Wed Aug 4 03:56:11 PDT 2010
--On 3 August 2010 15:30:17 +0200 "Rolf E. Sonneveld"
<R.E.Sonneveld at sonnection.nl> wrote:
> Trusting the MLM may be possible for you personnly for this particular
> mailing list, but your choice is not scaleable to the Internet at large.
> Or is the general consensus that (in the long run) the reputation of the
> MLM domain is sufficient for the verifier/receiver of MLM distributed
> mail? I don't read that in the draft.
It's the MLM that sent the message. Therefore any judgement of
trustworthiness must be made with regard to the MLM.
If the sender domain wants to make some assertion about the message that
will survive the MLM, then it needs to sign something that the MLM isn't
going to change. Perhaps, in addition to a full strength DKIM signature, it
could add a signature of the From:, Date: and Message-ID headers. If the
signing MTA knows that the email is going to a list, it could even sign the
list-post header that's going to be added. The point is to offer a
signature that satisfies ADSP, while reducing the opportunity for replay
attacks. Of course, if you're publishing ADSP discardable policies, you
probably don't want to offer any opportunity for replay attacks. But there
is, at least, a way of making DKIM, ADSP and lists work together if the
sender wants to do that.
For MLM managers, they should simply reject at SMTP time if they are about
to break ALL the DKIM signatures of a message from a discardable domain.
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/
More information about the ietf-dkim