On May 2, 2014, at 9:44 AM, Hector Santos <hsantos(_at_)isdg(_dot_)net> wrote:
On 5/2/2014 10:42 AM, John R Levine wrote:
I wouldn't bother with what you've proposed.
Neither would I. Whitelisting solves this problem far better.
Assuming you mean a signer domain and/or list domain whitelist, no it doesn't,
John. It doesn't do diddly squat about dealing with protocol faults, which is
what this is all about and always has been for 9 years, John. That can only
come from the message anchoring domain -- the originating source/author
domain.
What if the Signature is missing or invalid? What if the mf=y tag doesn't
exist and it was intentionally left out, which will be the default
consideration, since this would be a "DKIM Add-on" concept? Are you going to
continue to forward?
Dear Hector,
I hope you are willing to review a TPA draft. It is not really just a
white-list, since it combines validation of third-party services together with
specific exceptions granted by trusted domains conveyed in a message (the Author
Domain in most cases). It does not suffer from the complex overhead of
creating special signatures for specific senders and recipients. This seems to
be an issue overlooked in John's rendition of Pete's request. If Pete is
serious, perhaps added tuples of author-domain and third-party/intended
recipients could define a DKIM replacement/enhancement. The TPA approach
should still be easier to manage and adapt to technical changes without any
increase in average message size. In either case, the sender MUST convey
additional information to mitigate disruption of legitimate messages caused by
requested restrictive policies.
Regards,
Douglas Otis
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822