On 5/2/10 11:10 AM, Alessandro Vesely wrote:
John Levine wrote:
Is there some long-standing toxic effect of mailing lists other than
that they don't fit the simple identity models used by recently
devised authentication schemes?
The opt-in mechanism, I'd say. There's no standardized way for
subscribers' servers to learn about subscriptions.
Even if you consider that to be a problem, what could it possibly have
to do with DKIM?
Just that if there were a handshake between a list server and a new
subscriber's MX, they could also agree upon ADSP forwarding, e.g. by
whitelisting the list server.
To retain security, the sender's domain needs to assert domain specific
exceptions for "all" or "discard-able" ADSP policies.
Someone subscribed to a mailing list does not mean the list then has any
purported sender's blessing to make exceptions, especially when some
lists don't prevent simple spoofing. From a security stand point, it
would also be unwise to have automated exchanges with mailing-lists
prompted by receipt of messages needing exceptions.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html