On May 1, 2014, at 12:54 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
author's site. That shouldn't require the mailing list to communicate
with the author's site, but it might require the author's site to get
something from the mailing list's site.
That seems overcomplicated. Just make the expiration time fairly
short, since it's a rare mailing list that takes more than a day to do
its thing.
Perhaps it's time for a more concrete proposal to be written down.
It occurred to me that there's a very simple way to do this:
http://datatracker.ietf.org/doc/draft-levine-may-forward/
Dear John,
This scheme permits replay of From header fields with _any_ content
irrespective of actual sources. DKIM-Delegate at least indicates who to trust,
irrespective of how the message is identified. Neither of these schemes will
be effective at dealing with spoofing attacks.
Once one stops ignoring the overhead associated with DKIM and the like, a
straightforward authorization scheme becomes far more reasonable from the
overhead standpoint and much more effective at mitigating spoofing attacks.
Such a scheme would only come into play for non-aligned messages and does not
involve passing around hapless signed tokens as with DKIM-Delegate or
DKIM-May-Forward.
Regards,
Douglas Otis
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822