[Asrg] where the message originated

Steve Atkins steve at blighty.com
Mon Jan 12 10:04:45 PST 2009


On Jan 12, 2009, at 8:30 AM, Alessandro Vesely wrote:

> Steve Atkins wrote:
>> On Jan 12, 2009, at 4:44 AM, Alessandro Vesely wrote:
>>> Hm.. I'm not much into DKIM. It technically allows signing false  
>>> identities, but doesn't (or shouldn't) it semantically imply that  
>>> the signers must have some (possibly small but still positive)  
>>> degree of trust that what they sign is correct?
>> No. The signature only means that the message you received was the  
>> one signed by the signing identity.
>
> Thanks for the clarification.
>
>> Any mail system that only allows mail to be sent one at a time, and  
>> requires that the mail be hand-typed (rather than stored in a  
>> signature or pasted in) and which charges for the service via a  
>> credit card is going to be a negligible source of abusive email.
>> KioskCo is definitely going to want to sign the outbound mail with  
>> their identity, as that identity is unlikely to get a bad  
>> reputation and will likely get a good reputation over time.
>
> Wouldn't it then make more sense to just sign, say, the date and the  
> message-ID?

Yes, absolutely it would...

... except for replay attacks.

DKIM is intended to allow the recipient to reliably identify the  
signer of the message they receive. (It intentionally differentiates  
between "signer" and "sender".)

Defining "the message" is important. Anyone can take a signed message,  
and modify any part of the content that wasn't signed, and resend the  
modified message and it will still be validly signed by the original  
signer. For example, if my bank only signed the date and message-id  
then I could take legitimate mail they sent me, replace the body of  
the message with a phish and send it out, and it would still appear  
validly signed by the original signer (the bank).

That's why DKIM (when used correctly, anyway) is also used to  
demonstrate that important recipient-visible parts of the message  
(such as the body and the subject line) haven't been modified since  
the message was signed. (There are other possible ways to avoid replay  
attacks, but DKIM chose - for good reasons, I think - to use this one).

> Besides malicious abuses, typos are also a possible source of  
> confusion for end users. Considering that perhaps one day it will be  
> possible to read the correct email address from the payment card, if  
> I were KioskCo, I would avoid signing From headers I don't trust,  
> unless specifically required by DKIM or related BCPs.

I suspect that KioskCo would just sign the entire message - but the  
reasons for that are long, vague and not terribly interesting.

> [N.B. "KioskCo" in this thread is understood as an example name, not  
> related to possibly existing companies bearing the same name.]

Yup.

Cheers,
   Steve
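The replay attack Steve describes (sign only Date and Message-ID, then an attacker swaps the body for a phish and the original signature still verifies) as an added worked example. This is not code from the post, from the ASRG list or from any DKIM implementation: it is a stdlib-only toy that uses an HMAC under a shared key as a stand-in for DKIM's RSA signature (an assumption made so it runs offline), keeps the RFC 6376 shape of the h= signed-header list and bh= body hash, and runs over a constructed sample message from a hypothetical bank.

```python
"""Toy DKIM-style signer/verifier showing why signing only Date and
Message-ID is open to replay.

Constructed example, not from the post or the ASRG list. Assumption: an HMAC
over a shared key stands in for DKIM's RSA signature so the demo is stdlib-only;
the h= (signed header list) and bh= (body hash) mechanics follow the RFC 6376 shape.
"""
import hashlib
import hmac

# Assumption: one shared key plays the role of the signer's key pair.
SIGNING_KEY = b"kioskco-selector-2009"


def parse_message(raw: str):
    """Split an RFC 5322-style text message into ({header: value}, body)."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.split("\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def canonical_body_hash(body: str) -> str:
    """'simple'-style body canonicalisation: CRLF->LF, trailing blank lines dropped."""
    body = body.replace("\r\n", "\n").rstrip("\n") + "\n"
    return hashlib.sha256(body.encode()).hexdigest()


def _signed_data(headers: dict, tags: dict) -> bytes:
    """The bytes the signature covers: the listed header values and, if present, bh=."""
    parts = [f"{name}:{headers.get(name, '')}" for name in tags["h"].lower().split(":")]
    if "bh" in tags:
        parts.append("bh=" + tags["bh"])
    parts.append("h=" + tags["h"])
    return "\n".join(parts).encode()


def sign(raw: str, signed_headers: list, sign_body: bool, key: bytes = SIGNING_KEY) -> dict:
    """Return the signature tags {h, [bh], b} for the message."""
    headers, body = parse_message(raw)
    tags = {"h": ":".join(signed_headers)}
    if sign_body:
        tags["bh"] = canonical_body_hash(body)
    tags["b"] = hmac.new(key, _signed_data(headers, tags), hashlib.sha256).hexdigest()
    return tags


def verify(raw: str, tags: dict, key: bytes = SIGNING_KEY) -> bool:
    """True if the signed headers (and the body, when bh= is present) are unmodified."""
    headers, body = parse_message(raw)
    if "bh" in tags and not hmac.compare_digest(tags["bh"], canonical_body_hash(body)):
        return False
    expected = hmac.new(key, _signed_data(headers, tags), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tags["b"])


# Constructed sample message from a hypothetical bank.
BANK_MAIL = (
    "From: alerts@bank.example\n"
    "To: customer@example.net\n"
    "Subject: Your statement is ready\n"
    "Date: Mon, 12 Jan 2009 10:04:45 -0800\n"
    "Message-ID: <1234@bank.example>\n"
    "\n"
    "Your January statement is available in online banking.\n"
)


def replace_body(raw: str, new_body: str) -> str:
    """What the replaying attacker does: keep the signed headers, swap the body."""
    head, _, _ = raw.partition("\n\n")
    return head + "\n\n" + new_body


def replay_demo() -> dict:
    phish = replace_body(BANK_MAIL, "Your account is locked. Log in at http://bank-login.invalid/\n")
    resubjected = BANK_MAIL.replace("Subject: Your statement is ready",
                                    "Subject: Urgent: verify your account")

    weak = sign(BANK_MAIL, ["Date", "Message-ID"], sign_body=False)
    strong = sign(BANK_MAIL, ["From", "Subject", "Date", "Message-ID"], sign_body=True)
    return {
        "weak_original": verify(BANK_MAIL, weak),
        "weak_phish": verify(phish, weak),                  # True: the replay still verifies
        "weak_resubjected": verify(resubjected, weak),      # True: Subject was never covered
        "strong_original": verify(BANK_MAIL, strong),
        "strong_phish": verify(phish, strong),              # False: bh= no longer matches
        "strong_resubjected": verify(resubjected, strong),  # False: Subject is in h=
    }


if __name__ == "__main__":
    for case, ok in replay_demo().items():
        print(f"{case:20s} {'verifies' if ok else 'FAILS'}")
```

The point the demo makes is the one in the post: the signature is only as useful as the set of bytes it covers. With h=Date:Message-ID and no bh=, the phish and the re-subjected copy both carry a signature that is genuinely the bank's; once From, Subject and the body hash are inside the signed data, either change makes verification fail.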
