[massanity] Re: Initial thoughts from Nathaniel

ned.freed at mrochek.com ned.freed at mrochek.com
Sat Dec 18 16:09:08 CET 2004

> I asked the people at Cisco working with the IIM proposal why they sign
> the body of a message, and I got the answer "to protect against replay
> attacks, where a signed message is grabbed, body changed, and then used
> as spam". Further, even though it protects only the MX hop, they claim
> the verification *can* be done end to end (verification in client) if
> the MTA doesn't support MASS verification. Also, they explicitly want
> the verification to survive what I would call two MX hops, where
> mailing list explosion is happening in between the two hops.

Simply put, they're completely delusional. As the recent discussion on the
mailsig list has shown, the extent and variety of content transformations done
to messages is *vast* and no signature scheme can possibly accomodate it. And
this is the *rule*, not the exception, and the general trend is to do more of
this sort of thing, not less.

Lastly, o pretend that the IETF has any control over this, or any chance of
stopping it or even slowing it down, is even more delusional.

> So, what I see is (once again) that the list of "what problem are we
> solving" is missing.

Actually, I think the problem being solved in the abstract is pretty clear.
What's missing is either an understanding of present-day email realities, a
focus on practicalities rather than on the world-we-wish-we-had, or both.

But you're right about this being "once again". We do this sort of thing
all the time: We let the best be the enemy of the good. This is especially
likely when security matters are involved.

Like it or not, long-hop protection, despite its very real limitations, is the
best we can hope for. We need to focus on that. If we don't the group is going
to fail. I have made it known that I'm not going to waste time on yet another
end to end signature scheme. Isn't four failures enough, for heaven's sake?
(I'm sorry, but unlike Chris I don't count widespread implementation as a
partial success. Widespread usage is what counts, and it hasn't happened.)


More information about the massanity mailing list