[Top] [All Lists]

Re: [ietf-dkim] Re: "I sign everything" yes/no

2006-11-26 13:38:50

----- Original Message ----- From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>

Netnews is a separate case, but again not worth delving into here.

It is out of scope but well worth people looking into. My guess would be
that it should just work. NNTP is a much cleaner environment as
NNTP servers do not as a rule make arbitrary conversions to
messages as many SMTP servers do.

Agree. Also NNTP has a stronger posting requirement. The loopholes have been ironically the advent on web site systems, which started out as readers, but now are allowing posting as well.

Deploying DKIM just within the NNTP environment as a spam control
measure could make a lot of sense. It will inevitably happen as
people write DKIM aware mail/news clients.

I can easily see adding one quick feature to our NNTP server to support some level of DKIM/SSP.

Example: SSP control logic to handle ARTICLE posting.

With a few lines of code, the NNTP server can easily check to make sure the From: domain is not using a *restrictive* domain SSP, such as a high value domain who have absolutely, uncategorically, no interest in seeing uncontrolled users masquerading their domain entity in news groups environments.

This would be server side so it would handle ALL RFC news reader MUA clients. No change required to DKIM/SSP specs that I can see off hand.

But beyond this, it gets hairy.

My wish for this DKIM/SSP effort is to first focus on server-side, transport operations because no matter what, that needs to get done first. We can't depend on the "new" MUA becoming the requirement for DKIM/SSP implementation.

One we get the backend protocol requirements all worked out, then we can write new guidelines and interface requirements for MUAs.


NOTE WELL: This list operates according to