Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion
2010-04-30 10:09:33
On 04/30/2010 07:38 AM, McDowell, Brett wrote:
> On Apr 30, 2010, at 10:23 AM, Michael Thomas wrote:
>> On 04/30/2010 07:05 AM, McDowell, Brett wrote:
>>> In that scenario, if the MLM re-signing solution has been deployed by Y,
>>> and DKIM+ADSP has been deployed by X & Z, and Z has chosen to take action
>>> on X's ADSP policies... the only thing Z is trusting Y to do is validate
>>> incoming DKIM signatures, re-sign the messages with its own DKIM signature,
>>> and pass it along with the A-R results that convey what was done. Z is not
>>> trusting everything and anything that might ever come through Y.
>>> I think that's a reasonable level of trust to expect mailbox providers to
>>> have in mail lists who assert that they do this. Rogue mail lists will
>>> stop being trusted but only after they have "lost" the trust that was
>>> granted to them via their standards-based assertion (we would probably need
>>> to spec out how a MLM advertises that they indeed conduct flows in this
>>> manner) that they perform these functions on incoming mail.
>>> Again, I'm not saying this is the best or most elegant way of handling the
>>> problem of properly authenticated mail not being able to traverse mail
>>> lists, but it seems worthy of further discussion as an option.
>> Yeahbut... there are zillions of mailing lists out there. How do you know
>> the good ones from the bad ones? Keep in mind, of course, that bad guys
>> can resign too, and they can easily make themselves look like a mailing
>> list if that's something that gives them advantage.
> Indeed. But mailbox providers all have their own secret sauce for figuring
> out reputation of senders that I believe they could apply to this new flavor
> of sender -- meaning MLM's who adopt the MLM-DKIM spec we seem to be debating
> the virtues of developing -- without too much overhead.
>> If the solution is some sort of (third party) reputation/whitelist, then
>> there's really not much for us to do, right?
> I think we still need this spec I'm starting to refer to as MLM-DKIM to
> specify both the proper way of conducting this re-signing & reporting
> practice and how the MLM advertises that they follow it.
>> Even with your discardable adsp setting, it becomes a
>> matter of the order of checks at the receiver's gate (eg, whitelist first,
>> then adsp...)
> But since mailbox providers already manage reputation at scale, how much of a
> burden is adding this bit to the mix? Remember this only affects mailbox
> providers who have decided to do DKIM blocking based on ADSP discardable
> policies (for some, if not all senders).
Let's put aside whether there's something new here for the moment (I've not
had my coffee yet...). By all rights, we should not be having this
conversation right now at all because you have set adsp discardable. So even
if we adopted some bcp-like advice for mlm and receivers, it would be years
if not forever before we could have a reliable conversation on this and other
lists again. Maybe at paypal that's an acceptable tradeoff (?), but at my
previous employer, all standards work, for one, would cease and there would
be lots of engineers with pitchforks and torches.

So what I'm getting at here is that I'm having a hard time understanding how
the bootstrap doesn't fail for most sending/receiving entities. As I'm sure
you know, false positives drive mail admins to complete distraction... which
is the situation it looks to me that you're willingly setting up.

That said, you (paypal) are far braver than I am, but if you can make this
work somehow as a large enterprise that would be a pretty amazing
accomplishment.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
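
Added example, not part of the original message or of any MLM-DKIM draft: a sketch of receiver Z's gate for the X -> Y (list) -> Z scenario discussed above, showing how the order of checks (trusted-list check versus ADSP) changes the outcome for a "discardable" author domain. All names, domains and the TRUSTED_MLMS/ADSP tables are hypothetical, and it assumes the list uses its DKIM signing domain as the authserv-id in its Authentication-Results header.

```python
import re

# Constructed sample data (hypothetical domains).
TRUSTED_MLMS = {"lists.example.org"}      # Z's own reputation decision
ADSP = {"bank.example": "discardable"}    # stand-in for the ADSP DNS lookup

def parse_ar(header):
    """Parse an Authentication-Results value into (authserv_id, {method: (result, props)})."""
    parts = [p.strip() for p in header.split(";")]
    authserv_id = (parts[0].split() or [""])[0]
    results = {}
    for part in parts[1:]:
        m = re.match(r"(\w+)=(\w+)(.*)", part)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
            results[m.group(1)] = (m.group(2), props)
    return authserv_id, results

def decide(author_domain, valid_sig_domains, ar_header=None, whitelist_first=True):
    """valid_sig_domains: d= domains whose DKIM signatures Z verified itself."""
    def mlm_check():
        if not ar_header:
            return None
        authserv_id, results = parse_ar(ar_header)
        # Believe the A-R claim only if a list Z trusts wrote it AND signed the message.
        if authserv_id in TRUSTED_MLMS and authserv_id in valid_sig_domains:
            result, props = results.get("dkim", ("none", {}))
            if result == "pass" and props.get("header.d") == author_domain:
                return "accept"
        return None

    def adsp_check():
        policy = ADSP.get(author_domain, "unknown")
        if policy == "discardable" and author_domain not in valid_sig_domains:
            return "discard"
        return None

    checks = [mlm_check, adsp_check] if whitelist_first else [adsp_check, mlm_check]
    for check in checks:
        verdict = check()
        if verdict:
            return verdict
    return "accept"  # passed these two checks; other filtering is out of scope

AR_FROM_LIST = "lists.example.org; dkim=pass header.d=bank.example"
AR_FROM_ROGUE = "evil.example; dkim=pass header.d=bank.example"
```

With ADSP evaluated first, the list copy of a "discardable" author's mail is dropped even when the list is trusted, which is the false-positive case raised in the message.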