Couple of points:
1) I never proposed certificates as a substitute for domain
authenticated keys. I suggested certificates as a means of providing an
auxiliary level of assurance.
2) If you have a mailing list that signs mails and you have a reliable
method of knowing the order of signing (such as the signature count I
proposed) the processing steps are simple:
* Look at the last signature created first
* If the signature claims to be from a mailing list that we have not
subscribed to then junk it.
* If the signature validates and the mailing list reputation is
sufficient, accept
* Otherwise look at the next latest signature.
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Eliot Lear
Sent: Thursday, January 19, 2006 11:44 PM
To: Douglas Otis
Cc: Aumont - Comite Reseaux des Universites; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: DKIM and mailing lists
Doug,
Most lists confirm the email-address by mailing back a link to verify
that the participant indeed receives email at that email-address and
wishes to subscribe to the list, a double opt-in. Will participants on
a list need to have their own certificate? You seem to be validating
Phillip's concept of using trusted certificates rather than DKIM's
self issued public keys.
That's not really where I was going. What I more envision is
that a mailing list will have its own reputation that will
match the LCD of the list, just as you say, but that the way
to protect against that is for lists to be at least a little
picky about who they allow on. After all, we've said that
dkim is just a part of the solution, and we've indicated that
reputation systems are important (albeit out of scope for
this group), so why not let them address this problem as well?
Sender beware. If it were to become common practice to overlay or
remove the DKIM signature upon delivery...
The ONLY time one removes a signature is when one breaks it.
Eliot
_______________________________________________
ietf-dkim mailing list
http://dkim.org
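
The list-signature processing steps from the reply at the top of this thread, sketched as an added example (not code from any participant or from DKIM itself). The `count` field stands in for the proposed signature count and `valid` for a verification result computed elsewhere; the reputation scores, the threshold, and the "unresolved" verdict when signatures run out are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sig:
    count: int     # assumed signing-order counter (the proposed "signature count"); higher = later
    domain: str    # domain the signature claims to come from
    is_list: bool  # signature claims to be a mailing list's
    valid: bool    # outcome of cryptographic verification, performed elsewhere


def evaluate(sigs, subscribed, reputation, threshold=0.5):
    """Walk signatures newest-first; return (verdict, deciding domain or None)."""
    for sig in sorted(sigs, key=lambda s: s.count, reverse=True):
        # A list we never subscribed to: junk, without looking further back.
        if sig.is_list and sig.domain not in subscribed:
            return "junk", sig.domain
        # Valid signature from a signer with sufficient reputation: accept.
        if sig.valid and reputation.get(sig.domain, 0.0) >= threshold:
            return "accept", sig.domain
        # Otherwise fall through to the next latest signature.
    # Assumption: the post does not say what to do when signatures run out.
    return "unresolved", None


# Constructed sample data (domains and scores are illustrative only).
SUBSCRIBED = {"lists.example.net"}
REPUTATION = {"lists.example.net": 0.9, "author.example.org": 0.8,
              "lowrep.example.com": 0.1}

AUTHOR = Sig(1, "author.example.org", False, True)
CASES = {
    "relayed by subscribed list": [AUTHOR, Sig(2, "lists.example.net", True, True)],
    "relayed by unknown list": [AUTHOR, Sig(2, "bulk.example.com", True, True)],
    "list signature broken": [AUTHOR, Sig(2, "lists.example.net", True, False)],
    "low-reputation signer only": [Sig(1, "lowrep.example.com", False, True)],
}

if __name__ == "__main__":
    for name, sigs in CASES.items():
        print(f"{name}: {evaluate(sigs, SUBSCRIBED, REPUTATION)}")
```

The third case shows why the ordering matters: when the list's own signature fails to validate, the walk falls back to the earlier author signature instead of rejecting the message outright.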