John R. Levine wrote:
That is quite specifically what 4871 says. To do anything different would
be a major incompatible change. We have explicitly rejected the idea that
"first party" signatures are special in DKIM. (They are in ADSP, but
that's ADSP.) Among the reasons we rejected the "first party" stuff is
that it would make DKIM unable to work usefully with mailing lists like
this one.
I think you meant to suggest to work unrestrictedly by intentionally
ignoring policy-based DKIM security controls defined in two WG
consensus built productions:
RFC4686 Analysis of Threats Motivating DKIM
RFC5016 Requirements for a DKIM Signing Practices Protocol
While the MLM if not technical required by IETF standards to support
policy, there is still intent to neglect security and POLICY every
becomes a standard or a BCP, the ignorant MLM will be conflict. You
might not see that as a problem. I do. Since ADSP is still in scope
of the IETF-DKIM charter, its perfectly "legal" to discuss and apply
it to DKIM. RFC4871bis can not stop it and hasn't since day 1 and
odds are very good it never will be able it bury it.
Honoring security guidelines is very useful in all MLMs that chooses
to support it. Our MLM product does, why can yours?
It was made very simple:
- Stop restrictive policy from subscribing,
- Optionally check for restrictive policy subscription,
Problem solved. DKIM mail integration integrity maintained, useful and
no harm to anyone.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html