ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-02 12:40:47
On 01/Sep/10 23:43, Murray S. Kucherawy wrote:
Personally I do see use in the document's current form.  Although I
realize MLMs haven't done the work to preserve signatures in the
past, I get the feeling there's desire out there for that to start
to happen; receivers want it, for whatever reason, and I don't hear
a lot of people coming out against the idea.  Are we really on
solid ground telling them "You don't need/don't want/can't have
it?"

+1: if DKIM works it should also work for MLMs.

However, the other issue is to break or remove author domain 
signatures.  John has pointed this out since a long time, for FBL 
reasons.  Doug has brought out the same issue for replaying attacks 
aimed at breaking reputation, because replaying is definitely out of 
control in case of publicly distributed messages.

Mutually exclusive as they may seem, those two issues together simply 
beg for the ability to take just the extent of responsibility that a 
signer deems correct, given the recipients for the message at hands.

I repeat the two proposals that have been made, and ask once more 
whether there are further ways to achieve similar results.

Charles' From-%-rewriting.
It seems the WG disagrees with it.  However, it has also been 
mentioned that some MLMs already change the From.  Should it be 
forbidden?  If not, I see no reason not to document it.

Joint Signatures.
I haven't seen many opinions on this proposal of mines.  Anyone?  Here 
are some pointers:
last paragraph in 
http://mipassoc.org/pipermail/ietf-dkim/2010q3/014008.html
http://mipassoc.org/pipermail/ietf-dkim/2010q3/013881.html
http://mipassoc.org/pipermail/ietf-dkim/2010q3/013829.html
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>