ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 17:36:46
First, lets tune down the "40" years thing. What email list system was 
around in 1970? Its more like 26 years with ListServ (circa 1985) 
among the first and leading the way for the rest of the list server 
developers.

There was, of course, list via X.400 but it was most of a "CC" like 
mailing list and that was more of exclusive entry - not for the public 
and I don't recall any real concerns about security other than being 
accused of being a SPY!

When talking about the public, BBSes and Fidonet predated the Internet 
and the Fidonet Echo Networking technology was the closest thing to 
having network-based public groupware/discussions system. Before that, 
probably CompuServ offers ideas of public groupware discussion areas 
with there GO groups. We had GO XPRESS.  You also have Prodigy with 
public discussion groups.  But outside of these fee base dialups into 
X.25 networks, BBSes were among the first public way to have social 
group telecommunications.

Anyway, needless to say, if DKIM was around even 50 years ago, or the 
idea of authenticated email was around, list system and the entire 
mail system would of taking on an entirely different path.  We are 
arguing it now. I don't see why we would not be arguing about it back 
then if it was around.

So all this about the the past is really a moot point.  We have DKIM 
now, today, and it doesn't fit with list systems or any system that 
has a natural integrity breaking process.  Unless all the list 
software and/or operators add Plug and Play hooks, to do the "Always 
Resign" thing you want, we will always have the problems for a very 
long time.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


John R. Levine wrote:
Perhaps an MLM's reputation is pulled up or down as the average of 
those of its participants, so if the MLM can attract "good" senders, 
suddenly entire threads start getting through.  But that would only be 
possible with signature survival.

In my experience, the reputation of the list is unrelated to the 
reputation of its participants.  For example, in my filters I deliver 
mail from this list directly into the inbox without content filtering, 
even though I discard mail sent directly from a few of the subscribers.

With 40 years of experience with MLMs, a lot of experiments have already 
happened, and we should spend more time looking at the history rather 
than guessing what might happen under some hypothetical circumstances.  
For example, we don't have to do experiments to find out whether people 
want an MUA to distingish between signed and unsigned parts of a 
message. We've already had partially signed messages (like this one, if 
you get it through the list) for over a decade, and MUAs don't care.  
Either they don't see the signature at all (Thunderbird or Windows Live 
Mail), or they show the message without any particular distinction 
between the signed and unsigned parts (Evolution, Apple Mail, Alpine.)

If anyone's claiming that contributors' DKIM signatures on list mail are 
important, a good start would be to look at how PGP and S/MIME 
signatures have been treated during the many years they've been in use.  
I don't see any harm in experiments like having an MLM adding a signed 
A-R header to the mail, since it doesn't break anything that works now, 
but I would want rather concrete evidence from anyone claiming that 
people pay any more attention than they do to S/MIME signatures now.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for 
Dummies",
Please consider the environment before reading this e-mail. http://jl.ly



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html