On 30/Jul/10 10:58, Douglas Otis wrote:
On 7/29/10 6:46 PM, Alessandro Vesely wrote:
1. There is no standard way for the domain to learn when any of its
users subscribe to a new list.
Disagree.
I'm happy to hear that. The possibility that a domain becomes aware
of all of its users' subscriptions has been aired various times
before. I think that is in many people's desiderata, and have even
tried to devise a way of collaboratively doing it (fixforwarding.org.)
Anyway, let's assume that a domain has somehow managed to maintain a
database of all the lists that its users are subscribed to. That
domain signs all outbound mail and publishes a non-default ADSP. I
propose that, when a message is destined to a list, the author domain
signs a few header fields only, not the body, and tags the message
with a (signed) list-signature-required sort of advice. Messages to
multiple list and non-list recipients have to be split, regularly
signing the non-list copy.
Another way of achieving the same effect would be to standardize all
acceptable message changes, together with a MIME-compliant
canonicalization. We've already noted that in some cases (plain text,
poster-added subject tags, not signing "Content-Type", l=) it may work
as-is. For the general case, and for the time being, the advice
requiring the added list signature guards against replay attacks:
Verifiers must ensure that both signatures are valid, unless they are
the domain whose signature is missing.
2. Granting a TPA implies a good degree of trust.
Most mailing lists would be safe for a domain in their position to
authorize.
Except that phishermen.com may set up a mailing list for the sole
purpose of getting that auth.
W.r.t. TPA, this joint-signature proposal only authorizes messages
actually destined to a mailing list. Although the list can change the
whole body, it is still constrained by the few signed fields.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html