ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] ADSP, was Lists "BCP" draft available

2010-07-25 04:44:24
(More from a review of the lists BCP chatter, with an eye toward a forthcoming 
document update...)

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Michael Thomas
Sent: Wednesday, May 26, 2010 2:23 PM
To: Scott Kitterman
Cc: DKIM List
Subject: Re: [ietf-dkim] ADSP, was Lists "BCP" draft available

Such transient trust can't be spoofable. It needs to have properties
such that if it asserts "trust me, it was signed by PayPal when I got
it,  so you can ignore their discardable flag" it can't be used by
arbitrary senders to bypass PayPal's ADSP.

I don't know of a way to do that which doesn't require a trust
relationship with the mail list provider. If you have such a
relationship then it's relatively trivial to just not bother with ADSP
checks for mail from such lists.

I'm left not knowing what advantage there would be from a more
complex standardized approach.

Right, and where I have problems is that I doubt that most admins have
any clue whatsoever
which lists their users subscribe to. Some certainly have policies
which may inform them
(= don't do it), but beyond that this sounds somewhere close to an
impossible task.

I don't think it's too far-fetched to think that one or more of the following 
will eventually be true:

1) A signing domain, in this case a list provider, will develop a reputation 
that it does proper DKIM validation before re-signing, and thus that its A-R 
header fields can be trusted by receivers;

2) A signing domain will appear in a VBR-like service, with the voucher 
attesting to the fact that the signer does DKIM properly, and thus that it's 
a-R header fields can be trusted by receivers;

3) The need to have this kind of transient trust will be a sufficiently rare 
case that manual exception list maintenance scales just fine.

-MSK

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [ietf-dkim] ADSP, was Lists "BCP" draft available, Murray S. Kucherawy <=