--On 15 June 2010 14:55:55 -0400 W B Hacker <wbh@???> wrote:
> Ian Eiloart wrote:
>>
>> --On 14 June 2010 11:59:30 -0700 Phil Pennock <exim-users@???>
>> wrote:
>>
>>> I think that if you run a mailing-list manager which modifies content at
>>> all, whether it's a message footer or Subject: manipulation, then you
>>> should be looking to strip DKIM-Signature: from mails as part of
>>> processing the mails. There's no need to embed any replacement
>>> signatures or know anything more than "this is a checksum header, we're
>>> breaking the checksum, strip the header out". It would probably be more
>>> polite to rename it to Old-DKIM-Signature: rather than remove it. And
>>> processing DomainKey-Signature: in the same way would be good.
>>
>> I think the recommended behaviour is to leave alone the original
>> signature, and add your own. Given that mailing lists can break
>> signatures, it's unwise to reject an email on the basis that it carries
>> a broken signature.
>>
>
> Well there yah go ... the pragmatic world bites again. And rightly so.
>
> But one of the reasons I've not been enamored of DKIM and predecessors
> from the outset.
>
> While 'on point' - my suggestion that MLM admins
> strip-now-probably-broken and replace with known-good sigs would
> (AFAICS) at least reduce the need to give a pass to broken DKIM, AND
> centralize the source AS the MLM, not sideswipe the validity of the
> creds of every possible poster TO a given list ... means 'somewhat'
> fewer broken DKIM in the wild.
>
I think this somewhat misses the point of DKIM. Like SPF, it's used for
authentication, not for authorisation.
Successful authentication with DKIM simply means that the message is
unalterered (in certain respects) since it was signed by the signing
domain. There are many ways that messages might carry broken signatures,
including forwarding by DKIM unaware MLMs, and by MUAs.
The DKIM specification says that a broken signature is to be treated like
the absence of a signature. However, a broken signature might help an
administrator to trace a problem with an email, so there is some value in
retaining it when forwarding.
The presence of a good signature simply means that you can (a) apply some
kind of reputation assignment to the message on the basis of:
(i) the reputation of the signing domain, and
(ii) reputations that might be applied to the signed content in the
context of the signing domain.
and, (b) use the content of the message to modify your reputation database.
An example of (ii) above might be that you could use the "From:" header
address for reputation, provided that it's signed. You might only want to
do that if the address domain matches (or, perhaps is a subdomain of) the
signing domain.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/