ietf-dkim

Re: [ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures

2010-04-28 10:58:21


On 4/28/2010 8:31 AM, MH Michael Hammer (5304) wrote:
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be maintained intact then the list should bounce the
message.

What is the particular benefit of doing this, rather than letting the
receiving site do the bouncing?  This is extra mechanism for the MLM, and
most MLMs won't be supporting it.  I'm trying to get a clear sense of the
value proposition for this.

Is your assertion of what most MLMs will do "a priori" knowledge and is your
timeframe forever? John has advocated that the MLM should strip the signature
so how exactly would the receiving site know to check ADSP?

The mailing list technical community has been particularly challenging with
respect to the development and adoption of standards.  The List-*
specifications were hard-fought and the current deployment of the feature(s)
is still extremely spotty.

So any discussion here about mailing lists needs to take that reality into
consideration.



3) Is there a way for us (perhaps in a future version) to provide for
some sort of "encapsulation" that will allow the original
signature/message to be maintained even as the list does certain (as yet
unspecified) actions which might currently break the signature? Just
blue skying here.

I think you are raising the (much) larger question of constraining the
nature of changes made by MLMs.  Since they are actually posting an
entirely new message, they have the legitimate freedom to do what they want
to it. However, some can choose to participate in that much more
constrained role, looking more like a relaying MTA than a modifying
intermediary.


DKIM and ADSP impose constraints for those who choose to participate. This
is no different. I intentionally avoided suggesting the relaying model with
the goal of leaving the potential approaches open to discussion.

My point is that you are talking about recruiting mailing lists into this.
Adding active components into a system is expensive, especially when those
components have a very poor track record of adoption.  So the value
proposition needs to be compelling.  For them and for the actors attempting to
impose this burden on the mailing lists.


If DKIM doesn't authenticate any part of the message, what exactly is the
body length hash?

DKIM hashing at most provides data integrity validation, from signing to 
verifying.

DKIM makes no assertion of validity of the data being hashed.

In terms of security semantics, this is not a small point.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
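
An added illustration, not part of the original message or of any DKIM implementation: the body hash (bh=) discussed above, computed with the simple and relaxed body canonicalizations of RFC 6376, showing that a list footer changes the hash and that an l= body length limit leaves the appended bytes outside the hash. The message body, footer and function names are constructed for this example.

```python
import base64
import hashlib
import re
from typing import Optional


def canon_simple(body: bytes) -> bytes:
    """simple: ignore empty lines at the end; an empty body becomes one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """relaxed: collapse runs of WSP, strip WSP at line ends, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon: str = "simple", length: Optional[int] = None) -> str:
    """Base64 SHA-256 of the canonicalized body, truncated to l= when given."""
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    if length is not None:
        if length > len(data):
            raise ValueError("l= exceeds canonicalized body length")
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


# Constructed sample: what the author signed, and what the list appends.
ORIGINAL = b"Hello list,\r\n\r\nSee you at the meeting.\r\n"
FOOTER = b"_______________\r\nlist footer (constructed)\r\n"


def footer_demo() -> dict:
    signed_len = len(canon_simple(ORIGINAL))   # value a signer would put in l=
    relayed = ORIGINAL + FOOTER                # body after the MLM adds its footer
    return {
        "bh_signed": body_hash(ORIGINAL),
        "bh_relayed": body_hash(relayed),                        # full-body hash
        "bh_relayed_l": body_hash(relayed, length=signed_len),   # hash limited by l=
        "uncovered_bytes": len(canon_simple(relayed)) - signed_len,
    }


if __name__ == "__main__":
    for name, value in footer_demo().items():
        print(name, value)
```

The hash only says the covered bytes are unchanged since signing; with l= set, the footer bytes are not covered at all, and in neither case does the hash say anything about whether the content is valid.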
