Alessandro Vesely wrote:
> Crypto stuff at connection time is a different ongoing task, which may
> be useful in countering replay attacks in general. Joint signatures
> and From-%-rewriting are two easier and more specific techniques for
> describing how responsibility is transferred when a message transforms
> into another. I mentioned them in this thread because I deem they are
> worth being considered, each in its niche of suitable use cases.

I think you need to better appreciate and understand how fundamental
the "Message" From field for any form of communications and/or mail
networks is. It would be a radical change to open up this door and
"Pandora's box" to make it the norm and mindset that a From: is
unreliable. Not saying it is not prone to abuse, but fundamentally,
when people believe in the message, they also make that natural
trusted tie to the author of the message. Never mind the gateway
exchanges and networks using From among the fundamental elements of
the payload.

That said, I believe what you are speaking of is when a mail bot
completely takes over a message from an authorized or intentional
design basis, i.e. a newsletter, a newspaper article, a read-only
forum, whatever, etc., messaging usages where the From: is less
important and more of a "global entity."

Let me ask you this, does this apply to a MLM serving a LIST such as
this one? IETF-DKIM? Should it be programmed to change it to?

    From: DKIM POST MASTER <postmaster(_at_)mipassoc(_dot_)org>

or

    From: DKIM POST MASTER ON BEHALF OF XYZ <postmaster(_at_)mipassoc(_dot_)org>

I guess the goal would be to make the resigner a 1st party DKIM
signature with the From domain being mipassoc.org.

Even if the MLM was allowed to do this for lists of this type, do we
now also recommend that MIPASSOC.ORG have an ADSP policy?

It sounds like a good idea, but it would be a very radical change. I
don't wish to be part of the group of MTAs and MLMs that begin to fuss
around with the 8222.FROM making the mail more unreliable and less
trustworthy.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
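
The first-party question raised in the message above, as an added example that is not code from the poster or the list: it compares each DKIM-Signature `d=` tag with the From: domain (the Author Domain Signature test of RFC 5617) for a list post as relayed today and with the rewritten From:. The author address `xyz@example.com`, the selector and the `bh=`/`b=` values are constructed placeholders, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import parseaddr

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def classify(raw):
    """Return (author_domain, [(d, 'first-party' | 'third-party'), ...]).

    Only compares each signature's d= with the From: domain; the signature
    itself is not verified here.
    """
    msg = message_from_string(raw)
    author_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(value).get("d", "").lower()
        first = bool(d) and d == author_domain
        found.append((d, "first-party" if first else "third-party"))
    return author_domain, found

def adsp_query_name(author_domain):
    """DNS name where ADSP for the From: domain is looked up (RFC 5617)."""
    return "_adsp._domainkey." + author_domain

# Constructed sample data: author address, selector, bh= and b= are placeholders.
LIST_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=mipassoc.org; s=sel;\n"
            " h=from:subject; bh=AAAA; b=BBBB\n")
AS_POSTED = "From: XYZ <xyz@example.com>\n" + LIST_SIG + "Subject: t\n\nbody\n"
REWRITTEN = ("From: DKIM POST MASTER ON BEHALF OF XYZ <postmaster@mipassoc.org>\n"
             + LIST_SIG + "Subject: t\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("as posted", AS_POSTED), ("rewritten", REWRITTEN)):
        domain, sigs = classify(raw)
        print(label, domain, sigs, adsp_query_name(domain))
```

With the rewritten From:, the same list signature becomes first-party and the ADSP lookup moves from the author's domain to the list's domain.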