ietf-dkim

Re: [ietf-dkim] list expanders (was Re: chained signatures, was l= summary)

2009-06-13 11:43:56
At 05:46 13-06-2009, J.D. Falk wrote:
> In this reality, intermediaries change messages.  Sounds like a few folks on
> this list don't want messages to undergo drastic changes when passing
> through intermediaries, and thus are arguing against any attempt to use DKIM
> to "legitimize" what they view, Quixotically, as illegitimate behavior.  But
> DKIM /will/ be applied in situations where intermediaries change messages,
> because that is a reality of email today.

There were more than a few people who actually argued for messages 
not to be changed.  If that wasn't done, it would not have been 
worthwhile to deploy DKIM as the amount of "bad" signatures was too 
large compared to "good" signatures.  There's also the case of list 
expanders.  A very large number of messages generated by sites using 
a particular list expander invalidated DKIM signatures due to 
"webvertized" content injected as footers and some other 
modifications to the message.  This was well before this mailing list 
was DKIM signing its messages.  The problem has not been solved yet 
but it was mitigated by the removal of the DKIM signature header.

For those of you criticizing the owner of this mailing list for the 
"rsa-sha1", I'll point out that there are some operational 
considerations for that.  If it wasn't for SHA1, there would be even 
fewer people using DKIM.  That doesn't mean that we should encourage 
the use of SHA1.

The people who use DKIM won't even read RFC 4871.  FWIW, it wasn't 
even published when some of the trade-offs were made.  The bottom 
line is that the effort was to figure out how to make the 
specifications work out for us and for the users who are not 
subscribed to this mailing list.

Coming back to the subject of list expanders, I'll skip the A-R angle 
as there are other venues to talk about it.  The question is whether 
to consider the author's signature, the mailing list signature or 
both.  Sometimes you know the author and you'll choose to pass the 
message through.  But if you rely on that alone, then you are only 
doing selective "acceptance" of the mailing list traffic which goes 
against how a mailing list operates.  There's a well-known mailing 
list that suffers from a spam problem.  If the messages are accepted 
based on the mailing list signature alone (that mailing list is not 
using DKIM at the moment), you are allowing spam into your mailbox.

Regards,
-sm 
