--On 3 August 2010 15:30:17 +0200 "Rolf E. Sonneveld"
<R(_dot_)E(_dot_)Sonneveld(_at_)sonnection(_dot_)nl> wrote:
Trusting the MLM may be possible for you personnly for this particular
mailing list, but your choice is not scaleable to the Internet at large.
Or is the general consensus that (in the long run) the reputation of the
MLM domain is sufficient for the verifier/receiver of MLM distributed
mail? I don't read that in the draft.
/rolf
It's the MLM that sent the message. Therefore any judgement of
trustworthiness must be made with regard to the MLM.
If the sender domain wants to make some assertion about the message that
will survive the MLM, then it needs to sign something that the MLM isn't
going to change. Perhaps, in addition to a full strength DKIM signature, it
could add a signature of the From:, Date: and Message-ID headers. If the
signing MTA knows that the email is going to a list, it could even sign the
list-post header that's going to be added. The point is to offer a
signature that satisfies ADSP, while reducing the opportunity for replay
attacks. Of course, if you're publishing ADSP discardable policies, you
probably don't want to offer any opportunity for replay attacks. But there
is, at least, a way of making DKIM, ADSP and lists work together if the
sender wants to do that.
For MLM managers, they should simply reject at SMTP time if they are about
to break ALL the DKIM signatures of a message from a discardable domain.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html