On Tue 06/May/2014 03:30:30 +0200 Russ Allbery wrote:
> Miles Fidelman <mfidelman(_at_)meetinghouse(_dot_)net> writes:
>> I haven't actually dug into the details of how Outlook does things,
>> but... does not RFC5322's series of resent- headers start to provide a
>> direction for standardizing mailing list use of header fields?
>
> I think these are used in the opposite direction of what you'd need to
> satisfy the current constraints. The entity doing the resending goes into
> the Resent-* headers, and From is left unaltered, whereas to satisfy this
> signature scheme you would need to do the opposite.

I beg to differ. To adjust the signature scheme so that it works in
the face of resending is plan A. The From: field is set by the
author's MUA and checked by the MSA.[1] Leaving it unaltered is a
privilege that resenders need to earn by enforcing MSA-equivalent
checks. WSJ article sending is an example where From: ought to be
changed, while gmail and MLs can keep it unaltered.

It is a technical challenge to define authentication correctly, but we
should not modify the semantics in order to meet the constraints.

This problem is not specific to DKIM signatures. S/MIME and OpenPGP
present it too; for example, Thunderbird fails to verify
S/MIME-signed mailing list messages[2].

Whitelisting by (sub)domain name can be done according to how well
they carry out the checks they're responsible for. Maintaining
whitelists without relying on authentication --plan B-- will likely
require more human knowledge and personal judgment than with a working
signature scheme in place.

Ale

[1] http://tools.ietf.org/html/rfc6409#section-3.2
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=885286#c4
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822