Hi Eliot,
By ‘standards compliant’ there I actually mean ‘not non-compliant’, meaning
there’s no basis on which to coerce MLMs to change their behavior.
I can change to the “RFC5322.From” notation if necessary.
The use of FBL in this context is in line with how the MARF working group is
using it and also lines up with the discussion that got this whole recent
effort started. Is there some other definition I should be aware of?
I’ve extended 3.2 as you suggested.
For 4.1, I’ll need to go over it again, unless you (or someone else) has some
suggestions. I just looked at it and it seemed reasonable to me; it’s not hard
for me to figure out which lists I’m on that are and aren’t MLM-aware. This
document might even encourage MLM operators to announce this to their users at
subscription time so they can be appropriately informed.
For 5.1, I’ve changed it to “mail streams”, which is defined earlier in the
document.
For 5.2 and 5.4, I’ve added some clarifying text.
Thanks for the thorough review!
-MSK
From: Eliot Lear [mailto:lear(_at_)cisco(_dot_)com]
Sent: Monday, May 17, 2010 4:36 AM
To: Murray S. Kucherawy
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Lists "BCP" draft available
Hi Murray,
Thanks for taking a shot at this. Here are some comments on the Lists draft.
First, I support the draft becoming a working group document.
However, I wonder if it requires simplification with a bit more discussion as
to motivation. I'll get into some of that below.
Introduction 3rd and 4th bullets should use consistent terminology, so I
suggest:
s/mailing list/MLM/
Section 1.2
MLM behaviors are well-established and standards compliant.
I don't understand what you mean by standards compliant.
Same section lower down:
However, the fact that the From
field of such a message is typically the same as for the original
message and that recipients perceive the message as "from" the
original author rather than the MLM creates confusion about
responsibility and autonomy for the re-posted message.
Isn't there standard terminology to distinguish between the From and from
(e.g., SMTP-From)?
Section 1.3
FBL? What a horrible misuse of an already common term. Is there a cite for
this or can we change it?
Section 3.1
I *love* the title of this section!!!
However- I believe we need to be careful to cite the source of these
definitions, so as to avoid conflict should they change.
Section 3.2
The remainder of this document operates on the presumption that a
message going through a re-posting MLM actually comprises two message
transactions
s/re-posting/resending/
?
I think, by the way, that 3.2 should probably be expanded with regard to the
logic behind steps 1 and 2. Seems to me that's the thing that will help
mailing list maintainers understand why the solution is correct.
Section 4.1.
I'm uncomfortable with this section. I don't know how an author is supposed to
know whether an MLM is a participant or non-participant. Moreover,
discrimination at the enterprise level seems like a great opportunity for us
vendors to sell more hardware without much customer benefit.
I would rather see this section simply say that messages originating from ADMDs
that have strict ADSP polices are advised to not make use of either
non-participating MLMs that corrupt signatures.
Section 5.1
Authors may be well-advised to create a DNS domain specifically used
for generating signatures when sending traffic to MLMs
I think you have to be really clear on this point, because it can be read in
one of several ways:
* Author domain should be used expressly to transmit to MLMs, in which case
you should make it clear when this should be the case (e.g., you couldn't
imagine an entire enterprise redoing their email infrastructure to such an end)
* The SIGNING domain and NOT the author domain should be used expressly to
transmit to MLMs, in which case we have a problem I mentioned above;
* Something else
Section 5.2:
In the case of verification of signatures on subscriptions, MLMs are
advised to add an [AUTH-RESULTS] header field to indicate the
signature(s) observed on the submission as it arrived at the MLM and
what the outcome of the evaluation was.
What if any level of operational trust should be placed in such a header?
Section 5.4
A DKIM-aware resending MLM is encouraged to sign the entire message
as it arrived, especially including the original signatures.
Would I as an MLM want to resign a message that I received that itself was not
signed? Do I want to confer more authority to that message than is warranted?
Eliot
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html