Michael Hammer (5304) wrote:
The end result is that if you see my messages are "special",
then you know that you can't "resend" it as "me."
All your messages are special!
If you wrote it, it's special. Period. :-)
Your MUA should tell ya
"Sorry, you can't do this. This message is Special."
I agree that a well behaved MUA would do this. BAD MUA! BAD!
Not checking it offhand, I wonder how current MUA PGP or currently
supported mail integrity technology handles the "resending" of digitally
signed mail. Does it make a point of popping up?
"Resending this message as new MAY break the integrity"
In any case, this would be an item in the checkoff list for new DKIM/SSP
ready MUA designs.
We can't have it both ways. The same way of doing things and
expect to get the security we are seeking.
+1
"Who moved my cheese?" (http://www.whomovedmycheese.com) is my
recommended book to those afraid of change.
Found this interesting article which is germane even if I don't agree
with the author's conclusion and desire to pull an "Al Hague".
E-mail and its security discontents
Why Microsoft, Cisco, IBM and others need to step up to protect SMTP
http://www.arnnet.com.au/index.php/id;1603491549
I bookmarked this to read it later on today.
Something has to give and this one is perfectly acceptable to
me because it helps secure my domains as I intended them to be
secured with a DKIM=STRICT.
And this desire for protection grows as we all run in circles. The other
day I was going through some boxes that had been sitting in my basement
for a (long) while. Found a box filled with internet industry magazines
from the mid-to-late 1990s. With only a few tweaks the articles and
letters to the editor related to abusive email would be applicable
today.
Food for thought.
I honestly think everyone wants the same goals. I respect Mr. Crocker's
mantra for incremental changes. That's conservative and necessary. But
then you see the conflicts of self-interest reputation service marketing
campaign that is basically nullifying all logic.
If you have not seen my DSAP IETF I-D (Now expired),
http://tools.ietf.org/html/draft-santos-dkim-dsap-00
it was based on the simple premise of making sure the DKIM-BASE protocol
is consistent with the domain's signing or non-signing expectations. It
was designed to look for the FAULTS in a transaction.
It asked the following questions:
o Does the domain ever distribute mail?
o Do you expect the mail to be unsigned?
o Do you expect to sign all mail?
o Is your domain the exclusive signer?
o Are 3rd party signers or signatures allowed?
o Are 3rd party signers allowed to strip your original signatures?
These fault questions can be answered *without* reputation services in a
standard general case, wide adoption basis.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
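As an added illustration of the fault-finding idea in Hector's message above: this is example code written for this page, not part of the DSAP I-D or of any post in the thread. The boolean policy fields, the Transaction record and the sample transactions are all assumptions made for the example and are not the draft's record syntax.

```python
from dataclasses import dataclass


@dataclass
class DsapPolicy:
    # Hypothetical boolean model of the six DSAP questions (assumption, not the I-D's syntax).
    distributes_mail: bool = True        # Does the domain ever distribute mail?
    expects_unsigned: bool = False       # Is mail from this domain expected to be unsigned?
    signs_all: bool = True               # Does the domain sign all of its mail?
    exclusive_signer: bool = False       # Is the domain the only legitimate signer?
    third_party_allowed: bool = True     # Are 3rd-party signers or signatures allowed?
    third_party_may_strip: bool = False  # May a 3rd party remove the original signature?


@dataclass
class Transaction:
    author_domain: str         # domain of the From: address
    verified_signers: tuple    # d= domains whose DKIM signatures verified
    author_sig_present: bool   # an author-domain signature header exists (valid or not)


def dsap_faults(policy: DsapPolicy, tx: Transaction) -> list:
    """Check one transaction against the domain's stated expectations.

    Returns the list of faults found; an empty list means the transaction is
    consistent with the policy. No reputation data is consulted.
    """
    faults = []
    author_signed = tx.author_domain in tx.verified_signers
    third_party = [d for d in tx.verified_signers if d != tx.author_domain]

    if not policy.distributes_mail:
        faults.append("domain declares it never distributes mail")
    if policy.expects_unsigned and tx.author_sig_present:
        faults.append("domain never signs, yet an author signature is present")
    if third_party and (policy.exclusive_signer or not policy.third_party_allowed):
        faults.append("3rd-party signature(s) not permitted: " + ", ".join(third_party))
    if policy.signs_all and not author_signed:
        # A missing author signature is tolerated only if a permitted 3rd party may strip it.
        stripped_ok = bool(third_party) and policy.third_party_allowed and policy.third_party_may_strip
        if tx.author_sig_present:
            faults.append("author signature present but did not verify")
        elif not stripped_ok:
            faults.append("domain signs all mail but no author signature survived")
    return faults


# Constructed sample data: a strict policy, a direct signed message, a list-relayed copy
# that lost the author signature and gained the list's, and an unsigned copy.
STRICT = DsapPolicy(signs_all=True, exclusive_signer=True, third_party_allowed=False)
DIRECT = Transaction("example.com", ("example.com",), True)
RELAYED = Transaction("example.com", ("lists.example.net",), False)
UNSIGNED = Transaction("example.com", (), False)
```

Running `dsap_faults(STRICT, RELAYED)` reports two faults, while a policy created with `DsapPolicy(third_party_may_strip=True)` accepts the same relayed copy.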