ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-08-31 06:47:41



On Tuesday 10 August 2010 15:29:58 Murray S. Kucherawy wrote:
I've done some other rearranging in there now.  Let me know what you think
once -02 is published.

Section 5 looks a lot better. Well done.

5.3 Subscriptions

(minor) "disallow or" suggest removal

I think disallow is going too far. The subscription to a list doesn't imply an 
intent to post. Depending on the list type of course this may not be possible.


(previous suggestion by me:
Though in contravention of the current advice of treating DKIM-signature 
failures the same as no signature, I dare to propose something different based 
on the assumptions that:
1. MLM are the predominant signature breaking software
2. MLM are rarely chained as this creates an inconsistent subscriber 
lists [...]

As such I suspect that a MLM-Input will always receive a DKIM signature 
intact. My dare of a proposal is that a deployment option for a participating 
MLM or a Wrapped Non-Participating MLM could be to reject DKIM signature 
failures on its input. Thoughts? disagreements? Did I suggest this before? if 
so - sorry.

I don't think this is necessarily a bad idea -- indeed, early data from
OpenDKIM suggests this may even be likely -- but I don't know that this
document should recommend or suggest it.  It certainly is something an MLM
implementer could decide to do.

On the other hand if the data collected by the WG shows that signature
survival rates are generally pretty high, maybe this isn't such a crazy
idea.

How are the stats looking?

Thanks for your feedback!  I'll watch for your "MUA Considerations" text.


reworked based on feedback:

ANNEX A - MUA Considerations

The main body of this document describes a number of MLM behaviours that break 
DKIM signatures. These behaviours are, in some cases, features required by MLM 
operators to fulfil technical, policy or legal requirements. Some of these 
behaviours break DKIM signatures but have alternate implementations that will 
also meet the needs of MLM operators.

Header/Footer additions

Header/Footer additions on MLM can include unsubscribe information describing 
to the user how to unsubscribe from an MLM.

MLM are recommended by LIST-ID to include a List-Unsubscribe header field. In 
the presence of MUA support this would deprecate the necessity of 
Header/Footer additions for unsubscribe information.

MUAs are recommended to present to the user the List-Unsubscribe header field 
URL in such a way that they can utilize this URL easily to unsubscribe from the 
email list.

Subject Header Modifications

A reasonable number of MLM list subscribers potentially still recognise and 
filter messages based on the subject line. Subject line modification is as 
effective as List-ID filtering, and MLMs are recommended to include this 
header field.

An MUA could implement the following features to reduce the need for signature 
modifications: 
* Display of the List-ID header field is used to present the name of the list 
to the user.
* Functionality to create a filter based on the List-ID header field.

Authentication-Results

[AUTH-RESULTS] describes how an MUA could use the Authentication-Results header 
field to present DKIM validation information to the user. This is particularly 
important where broken author domain signatures are present and the presence 
of MLM DKIM signatures may be used for alternative authenticity or filtering 
determinations.

An MUA could use the Authentication-Results header field to:
* Display what authentication was performed by the verifier
* Create display and filtering options based on where common domains occur in 
List-Post header fields and DKIM signatures (recommended in section 5.7) 

The security considerations of AUTH-RESULTS need to be carefully addressed by 
the MUA to prevent deliberate exploitation of user perceived integrity 
information.
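As an added illustration of the MUA behaviour sketched in the annex above (not code from the draft, the list, or the poster), the following Python script shows an MUA-side check over a constructed sample message: it reads the Authentication-Results header field (RFC 5451; the annex text calls it "Authenticated-Results"), discards any copy whose authserv-id is not the MUA's own verifier (the AUTH-RESULTS security consideration the annex points at, since an upstream party can insert a forged copy), extracts the list domain from List-Post or List-Id, and reports whether the author-domain signature or the MLM's own signature passed, alongside the List-Unsubscribe URLs the annex wants presented to the user. The sample message, the authserv-id `mail.example.net`, and the domains `author.example`, `lists.example` and `evil.example` are all constructed for the example.

```python
import email
import email.utils
import re
from email import policy
from typing import Dict, List, Optional

# Constructed sample: a list-relayed message whose author-domain signature
# broke in transit and whose MLM signature verified. The second
# Authentication-Results field is a forged one from an untrusted party.
SAMPLE_MESSAGE = b"""\
Authentication-Results: mail.example.net;
 dkim=fail (body hash did not verify) header.d=author.example;
 dkim=pass header.d=lists.example
Authentication-Results: evil.example; dkim=pass header.d=author.example
From: Alice <alice@author.example>
To: dkim-discuss@lists.example
Subject: [dkim-discuss] test
List-Id: DKIM discussion <dkim-discuss.lists.example>
List-Post: <mailto:dkim-discuss@lists.example>
List-Unsubscribe: <mailto:dkim-discuss-leave@lists.example>,
 <https://lists.example/unsubscribe/dkim-discuss>
DKIM-Signature: v=1; a=rsa-sha256; d=author.example; s=sel; b=...
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example; s=sel; b=...

hello
"""

# Assumption: the authserv-id of the verifier in the MUA's own ADMD. Only
# Authentication-Results fields carrying this id are believed.
TRUSTED_AUTHSERV_ID = "mail.example.net"


def parse_auth_results(value: str) -> Dict:
    """Split one Authentication-Results value into authserv-id and dkim stanzas.

    Simplified: assumes no ';' inside comments; a full RFC 5451 parser
    must tokenize comments properly.
    """
    value = " ".join(value.split())  # unfold continuation lines
    parts = [p.strip() for p in value.split(";") if p.strip()]
    authserv_id = parts[0].split()[0].lower()
    dkim: List[Dict] = []
    for stanza in parts[1:]:
        m = re.match(r"dkim=(\w+)(?:\s*\([^)]*\))?(.*)", stanza)
        if not m:
            continue  # spf=, dmarc= etc. are not needed here
        props = dict(re.findall(r"(\w+\.\w+)=(\S+)", m.group(2)))
        dkim.append({"result": m.group(1).lower(),
                     "d": (props.get("header.d") or "").lower() or None})
    return {"authserv_id": authserv_id, "dkim": dkim}


def trusted_dkim_results(msg) -> List[Dict]:
    """Keep only DKIM results from our own verifier; other copies may be forged."""
    out: List[Dict] = []
    for ar in msg.get_all("Authentication-Results", []):
        parsed = parse_auth_results(str(ar))
        if parsed["authserv_id"] == TRUSTED_AUTHSERV_ID:
            out.extend(parsed["dkim"])
    return out


def list_domain(msg) -> Optional[str]:
    """Domain of the list, from List-Post (mailto:) or else List-Id."""
    lp = msg.get("List-Post")
    if lp:
        m = re.search(r"mailto:[^@>]+@([^>\s]+)", str(lp))
        if m:
            return m.group(1).lower()
    lid = msg.get("List-Id")
    if lid:
        m = re.search(r"<[^.>]+\.([^>]+)>", str(lid))
        if m:
            return m.group(1).lower()
    return None


def unsubscribe_urls(msg) -> List[str]:
    """URLs the MUA can offer the user instead of relying on a footer."""
    lu = msg.get("List-Unsubscribe")
    if not lu:
        return []
    return re.findall(r"<([^>]+)>", " ".join(str(lu).split()))


def assess(msg) -> Dict:
    """Summarise what an MUA could display: which domains' signatures passed."""
    results = trusted_dkim_results(msg)
    ldom = list_domain(msg)
    author = email.utils.parseaddr(str(msg.get("From", "")))[1].split("@")[-1].lower()
    passed = {r["d"] for r in results if r["result"] == "pass" and r["d"]}
    return {
        "list_domain": ldom,
        "author_signature_pass": author in passed,
        "list_signature_pass": ldom is not None and ldom in passed,
        "unsubscribe_urls": unsubscribe_urls(msg),
    }


def load_sample():
    return email.message_from_bytes(SAMPLE_MESSAGE, policy=policy.default)


if __name__ == "__main__":
    print(assess(load_sample()))
```

Because the forged Authentication-Results field names a different authserv-id, the author-domain `dkim=pass` it carries is ignored and only the genuine verifier's results count; the message is then shown as "author signature failed, list signature passed", which is the alternative filtering basis the annex describes.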