Sabahattin Gucukoglu wrote:
On 15 Apr 2014, at 23:20, Pete Resnick <presnick@xxxxxxxxxxxxxxxx> wrote: That suffers the same problems as X-O-A-R: you have to know when to trust the intermediate. In the absence of that knowledge, any message transformation is invisible to the recipient, and potentially malicious. You would have to invent a scheme for identifying transformations, so users could verify them against the original sender's signature. DMARC has put *ALL* the trust into the From: field. That is very unfortunate, but it seems to be the DMARC peoples' idea of a foolproof, user-visible identifier.
First off, with xoar, you don't have to trust the intermediary. If one removes DMARC's alignment mechanism - you can validate that a message originated from a yahoo address by dint of the crypto signature - as long as you don't modify any of the fields that get signed. Now if you want to allow modification of the subject field (e.g., adding a tag) and/or the body (e.g., adding header and footer) - then you might have to be a little cleverer, perhaps by providing information about the diffs in extra headers and doing a few comparisons at the receiving end (subject tag = *****<original-signed-subject>).
It's worth noting that way back in 1999, the folks who designed HTTP 1.1 designed an authentication scheme that works through proxies. They took the time to actually acknowledge mechanisms that were in use (i.e., caching proxies) and design mechanisms that could work in concert with them (and yes, in some cases the proxies have to do new things). Those involved in DMARC, seemingly, did not take the same care to respect the infrastructure.
Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra