ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-14 10:55:03

On Sep 13, 2010, at 8:43 PM, John R. Levine wrote:

But if that stuff was signed before entering our whatevers, how can we 
verify the signature when pulling it out?  This question may entirely 
invalidate assumptions that nobody ever actually made about somebody 
else's theoretical wiping policy!

Not to stretch this metaphor too far, but I believe that the assertion 
that people care whether mail inbound to MLMs was signed remains utterly 
unsupported.

I support it, in the context of supporting the "transient trust" use case (aka 
the A-R approach).


Given the IETF's traditions, the usual way to show that you care about 
something is to write the code to do it.  

So if you don't write code for senders you aren't allowed to express an opinion 
about sender policy?  That's just silly.  We are all stakeholders in this 
ecosystem and we all have a right to our opinion and perspective, regardless of 
how we engage/influence the Internet Mail ecosystem.

For the lists I run, I've 
modified MJ2 to put a signature on outgoing mail with the list's domain 
and a private field to say which list it was.  I can't say I've seen any 
improvement in delivery which was already close to 100%, but it certainly 
hasn't hurt anything and it's made it easier to process Yahoo FBLs. 
That's one of the reasons I'd want a list BCP to tell lists to sign their 
mail; I've tried it, albeit at small scale, and it works.  We know from 
reports that at least one MTA misimplements ADSP to reject on discardable 
failures, which suggests that a robust MLM should be prepared to deal with 
that, most simply by pre-discarding anything that might cause that 
problem.  I haven't implemented that because, so far at least, none of my 
subscribers appear to use ADSP so it's pretty low on my list of things to 
worry about.

Based on recent correspondence, it appears that one of the most vehement 
advocates of modifying MLMs to work around ADSP and to pass through info 
to retroactively check contributor signatures hadn't noticed that I put 
S/MIME signatures on my list mail and that even though it adds a footer to 
each message, Mailman passes the signatures through so his MUA can verify 
them.  Care?  Get real.

You lost me.


R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
