ietf-dkim

Re: [ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures

2010-04-28 10:34:24


-----Original Message-----
From: Dave CROCKER [mailto:dhc(_at_)dcrocker(_dot_)net]
Sent: Wednesday, April 28, 2010 11:24 AM
To: MH Michael Hammer (5304)
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures



On 4/28/2010 8:02 AM, MH Michael Hammer (5304) wrote:

A few thoughts to fuel the discussion:

1) It may be that the BCP document would appropriately have a section
for end users of mail lists. One possible recommendation is that for
domains which have strong security concerns, they may want to have a
policy against posting to lists using the domain in question. (I'm
throwing this out as a straw man).

Are you suggesting a bit of draft text that recipient sites might
include in the email practices documentation they supply to the
(human) users?


The first question is whether the statement makes sense. The second
question is where it might be communicated.


2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be maintained intact then the list should bounce the
message.

What is the particular benefit of doing this, rather than letting the
receiving site do the bouncing?  This is extra mechanism for the MLM,
and most MLMs won't be supporting it.  I'm trying to get a clear sense
of the value proposition for this.


Is your assertion of what most MLMs will do "a priori" knowledge and is
your timeframe forever? John has advocated that the MLM should strip the
signature so how exactly would the receiving site know to check ADSP?


3) Is there a way for us (perhaps in a future version) to provide for
some sort of "encapsulation" that will allow the original
signature/message to be maintained even as the list does certain (as yet
unspecified) actions which might currently break the signature? Just
blue skying here.

I think you are raising the (much) larger question of constraining the
nature of changes made by MLMs.  Since they are actually posting an
entirely new message, they have the legitimate freedom to do what they
want to it.  However, some can choose to participate in that much more
constrained role, looking more like a relaying MTA than a modifying
intermediary.


DKIM and ADSP impose constraints for those who choose to participate.
This is no different. I intentionally avoided suggesting the relaying
model with the goal of leaving the potential approaches open to
discussion.


4) I recognize the chorus which says "mail lists have always done things
a certain way and who are you to tell us how or what we have to do".
Having given that recognition, in creating an authentication model it

Strictly speaking, DKIM does not "authenticate" any part of the message,
other than the d= parameter.

I realize that this is an irritating observation, but it is semantically
precise and accurate.  Absent the presence of ADSP usage, assuming that
anything else is "authenticated" goes beyond the DKIM specification.


If DKIM doesn't authenticate any part of the message, what exactly is
the body length hash?

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
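
The list-manager rule proposed in item 2 above, sketched as an added example that is not part of the original message or of any MLM's code: it decides whether a list's planned edits would break an incoming DKIM signature, using the signature's h= (signed header fields) and l= (body length count) tags, and bounces only when the author domain's ADSP policy is discardable. Assumptions: the signature was already verified on arrival and is the author-domain signature, the ADSP record text is passed in rather than looked up in DNS, and the edit names `subject_tag` and `footer` (a footer appended to the end of the body) are hypothetical labels.

```python
import re

def parse_tags(value):
    """Parse a 'tag=value; tag=value' list (DKIM-Signature or ADSP record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def signature_survives(sig_header, edits):
    """True if the planned list edits leave the signed content untouched.

    edits is a set drawn from {"subject_tag", "footer"} (names assumed here).
    """
    tags = parse_tags(sig_header)
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    if "subject_tag" in edits and "subject" in signed:
        return False  # rewriting a header field listed in h= breaks b=
    if "footer" in edits and "l" not in tags:
        return False  # without l= the whole body feeds bh=, so appended text breaks it
    return True

def mlm_action(sig_header, adsp_record, edits):
    """Item 2: signed AND ADSP discardable AND signature cannot survive -> bounce."""
    if sig_header is None:
        return "accept"
    policy = parse_tags(adsp_record or "").get("dkim", "unknown")
    if policy == "discardable" and not signature_survives(sig_header, edits):
        return "bounce"
    return "accept"

# Constructed sample headers; bh=/b= values are placeholders, not real signatures.
SIG_FULL = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_WITH_L = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to:date; l=120; bh=PLACEHOLDER; b=PLACEHOLDER"

if __name__ == "__main__":
    for sig, adsp, edits in [(SIG_FULL, "dkim=discardable", {"subject_tag"}),
                             (SIG_WITH_L, "dkim=discardable", {"footer"}),
                             (SIG_FULL, "dkim=all", {"footer"})]:
        print(sorted(edits), adsp, "->", mlm_action(sig, adsp, edits))
```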
