ietf-mailsig

Re: Web pages for MASS effort

2004-12-06 09:20:34


On Mon, 6 Dec 2004, David Woodhouse wrote:

> On Mon, 2004-12-06 at 01:21 -0800, Dan Wing wrote:
>> Yes, and I expect the new message can be as traceable to the original
>> poster as the message the poster sent to the mailing list.  Even in the
>> case of someone with a mail user agent that adds remail-* headers, I
>> expect I should still be able to authenticate the message (*).
>>
>> ((*) provided it's within 4 or so days of its original transmission, as
>> I don't expect MASS to want to handle time beyond typical SMTP retry
>> limits.)
>
> Mail often does get resent using Resent-* headers after much longer than
> the 4 days you cite. I often resend old mail to people when they've
> failed to respond to it the first time, or just if I happen to know
> they're not reading that particular list very closely and I want to make
> sure they get a copy of the mail in their inbox instead of just the list
> folder. I often receive mail in such circumstances too.

Resent- headers are used for reintroduction of email by a user. The email
should have a new message-id and other data that would make it clear this
really is a new message.

MASS is about designing transport-level message authorization, and since
email reintroduced after several days is not the same transport stream
(i.e. a new message), its existing signature should be ignored.

Now if email is reintroduced quicker than when the signature expires, I really
have no problem with the signature being checked, but it's not our goal
to accommodate user resending.

> We mustn't reject resent mail in such circumstances just due to its age;
> not if there's a Resent-Date: header which is more recent.

I agree; in fact, in my opinion, we must NOT reject any email just because
it has a signature that has expired. This email should instead be dealt
with as if it had no signature to start with.

However, Resent-* headers do play a role because they change the presumed email
sender, so while the policy record for the original sender (as described by
the signature) may indicate that it signs all email, it would not be used or
cause email rejection (since the signature is nonexistent or has expired)
because Resent- headers indicate a different sender of such email.

Now I have a different view about Sender and From headers. In my opinion, in
the presence of both From and Sender, the signature that applies to Sender is
the primary one, but if no such signature is present but there exists a
signature for the From header address, then such signature should be used.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
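
One way to express the evaluation order argued for in this message (an added example, not from the thread or any MASS draft): expired signatures are dropped first, Resent-* headers move the policy lookup to the resender, and otherwise a Sender signature is preferred over a From signature. The signature dicts with `signer` and `expires`, the function names and the sample addresses are assumptions; the thread defines no signature format.

```python
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr

RESENT = ("Resent-Sender", "Resent-From")   # resender identity, if any
ORIGINAL = ("Sender", "From")               # Sender is primary, From the fallback

def addr_of(msg, header):
    return parseaddr(msg.get(header, ""))[1].lower()

def evaluate(raw, signatures, now):
    """Return (policy_identity, signature_to_check or None).

    `signatures` is a hypothetical model: dicts with "signer" and "expires".
    """
    msg = message_from_string(raw)
    # An expired signature is dropped here, so the message is then handled
    # exactly like one that never carried it.
    live = {s["signer"].lower(): s for s in signatures if s["expires"] > now}
    resender = next((addr_of(msg, h) for h in RESENT if msg.get(h)), None)
    originals = [addr_of(msg, h) for h in ORIGINAL if msg.get(h)]
    candidates = ([resender] if resender else []) + originals
    check = next((live[a] for a in candidates if a in live), None)
    if resender:                 # Resent-* changes the presumed sender
        return resender, check
    if check:                    # Sender's signature first, else From's
        return check["signer"].lower(), check
    return (originals[0] if originals else ""), None

# Constructed sample data (addresses, dates and expiry field are made up).
NOW = datetime(2004, 12, 20, tzinfo=timezone.utc)
OLD = datetime(2004, 12, 10, tzinfo=timezone.utc)
NEW = datetime(2004, 12, 24, tzinfo=timezone.utc)
FRESH = "From: Alice <alice@example.org>\nSender: bob@example.org\n\nhi\n"
RESENT_MAIL = "Resent-From: carol@example.net\n" + FRESH

if __name__ == "__main__":
    expired = [{"signer": "alice@example.org", "expires": OLD}]
    print(evaluate(RESENT_MAIL, expired, NOW))  # resender, no signature
```

The first element of the result is the address whose policy record would be consulted; the second is the signature left to verify, if any.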

