ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc.

2006-03-15 22:40:48
from [Scott Kitterman] [Permanent Link] 
On 03/15/2006 21:51, Dave Crocker wrote:

Michael Thomas wrote:

John Levine wrote:

How does a receiver know the difference between a "mailer" and a
"random third party"?


It doesn't, and it doesn't care.  It looks up the signing domain in
its handy local list of signers worth paying attention to.  Maybe at
some future time there will also be external sources of worthy
signers, but that's way outside the scope of any discussion here.


Which handy local list of signers is that? Where do I find Cisco's?


Michael,

The signature that you are so worried about preserving is only useful if
there is some database to consult, about it.

That's the list John is referring to.

So whatever you are planning to consult, after validating the originator's
signature, is what should be consulted after validating the list's
signature.

In other words, a valid signature is a valid signature.  An invalid
signature is an invalid signature.

And, as I've raised many times, I do not understand the compulsion to
preserve a signature for a message that is re-posted by an automaton user
agent, when there is no equivalent expectation of preservation, for a
message that is manually re-posted -- such as when I forward a message on
to someone else.  The architectural role is the same.  The semantics are
the same.

Mailing lists can do, and do do, whatever violence to a message they wish
and their subscribers find useful, because the mailing list agent is really
posting a new message, no matter how close it might seem to the original. 
A small amount of hacking to make the close ones preserve the signature is
one thing.  A large amount is quite another. So is attempting to declare
the ones making larger changes "wayward".

It is not reasonable to try to declare that the ones doing small changes
are somehow acceptable but that the ones doing larger are not, since a)
there is no specification or established practice to justify that
declaration, and has been pointed out rather directly, b) such a
declaration will have no beneficial effect.

So, as vigorously as you are arguing your position, I am not seeing how it
produces anything that will work in the real Internet.

d/


This database that you insist is necessary for DKIM to be useful is pretty 
well by definition a reputation system.  So, if as you say a DKIM signature 
has no value without a reputation system of some limited kind and reputation 
is out of bounds, I guess I don't understand what you think we are doing 
here?

Scott Kitterman
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Concentrate on the threats doc, John Levine
Next by Date:  Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., Dave Crocker
Previous by Thread:  Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., Dave Crocker
Next by Thread:  Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]