ietf-dkim
[Top] [All Lists]

[ietf-dkim] Re: the more reliable signature fallacy

2008-01-24 08:47:42
Michael Thomas wrote:
 
With SPF you had the lure of doing all of your work at the 2821
layer. That is, reject things before you've read the message.

Receivers can read the DATA and still reject a "FAIL", for SSP,
SPF, and PRA.  Better than the lure to accept mails on probation,
a receiver deciding that it's "likely" spam post-SMTP is trapped:

Bouncing is bad, but dropping is also bad (for false positives).
Bouncing is okay for an SPF PASS, re-enforcing the way how SMTP
was designed in RFC 821.  On the other hand SSP is a new concept:

Many users won't like it if they can't use "their" From-address
in places where it used to be okay before SSP restricted it, and
other users might be also surprised if "resend" requires to keep
the DKIM-signature valid for an SSP-protected From-address.  

I'd consider a MUA as broken if it breaks an existing signature
for resent mail, but I can't judge how realistic my expectation
is - for starters I never used a MUA supporting to resend mails.

This seems a lot more sensible and prudent to me as you're not
elevating SSP to Silver Bullet status which is always suspect.

When receivers drop false positives they might find themselves
looking for a "prudent and sensible" court of justice.  No SSP
problem, rejecting "suspicious" (non-compliant) mails is okay.

 Frank

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html