ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Concerns about DKIM and mailiing lists

2006-03-15 06:50:05
from [Michael Thomas] [Permanent Link] 
Dave Crocker wrote:



John Levine wrote:


Massively different is overstatement of how mail lists work. For almost
all mail lists the message would have the same message text body with potentially small additional mail-list footer and potentially change in 

...


I think that if you look at the overall world of list mail as opposed
to the old-fashioned lists that we nerds like, that's not true.  As
I've noted before, Yahoo Groups, the largest list host in the world,
does all sorts of exciting things to mail that passes through,
The meta-issue, here, is what a current batch of mailing list software systems might do, versus what mailings are allowed to do. 

There is no specification that restricts what lists are allowed to do.


There will, however, be restrictions on who and how a domain's
name in origination addresses can be used soon enough. That is the basic
conflict.
The danger of making design decisions based on a current batch is that the next, innovative list will break the signatures. If we think that's ok, then fine. If we think we are making something that will be robust against all legitimate list behavior styles, then we are definitely *not* fine. 

That assumes that mailing list software's perogatives
trump all. They don't. They need to be part of the larger
ecosystem here, and they certainly do not have a god-given
right to preserve the From: address and completely change
the content with complete impugnity. That is the attack
we are by and large trying to eliminate, or at least put
constraints on. If mailing lists insist on changing content
and breaking original signatures, then they should expect
being treated like any other forgery.

The object here is to reach an accommodation between these
two competing needs. But if I had to say who ought to lose
push come to shove, it would be mailing list software that
insists on changing my original content and then trying to
pass it off as if I wrote it. Given the microscopic percentage
of list traffic in comparision to the rest, that is not an
idle threat.

                Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Alan Thew
Next by Date:  Re: [ietf-dkim] 5 outstanding issues with the threat review, Barry Leiba
Previous by Thread:  Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Dave Crocker
Next by Thread:  Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]