ietf-mxcomp

Re: co-chair judgment of consensus related to last call period of 23-Aug-2004 to 10-Sept-2004

2004-09-15 00:58:57

On Tue, 2004-09-14 at 20:35 -0500, wayne wrote:
> [top quoting fixed, extra words deleted, and the Reference: header
> restored.  All due to brain-dead mail software.]

Thanks for fixing that; it's amazing how poorly people will behave in
public fora. Personally, I configure my mailing lists to reject any mail
with 'Re:' in the Subject: header but neither References: nor
In-Reply-To: headers. Phillip, you really ought to invest in some
non-broken mail software if you want to use it in public.

> "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:
> > David Woodhouse [mailto:dwmw2(_at_)infradead(_dot_)org] wrote:
> > > I strongly disagree with this opinion. I believe that it does not make
> > > sense to have multiple scopes, and certainly not to plan to add even
> > > more scopes later. I shall explain my reasoning:
> >
> > I agree with Andy.
>
> No, apparently you agree with David Woodhouse.  It is easy to get
> confused when you don't use proper quoting.
>
> > I thought we should have done this all along.
>
> Yes, I know.  This was discussed long ago.  The rough consensus was
> against your opinion.  I thought that while there should be multiple
> scopes, we could have one record that covered them all.  The rough
> consensus was against my opinion.
>
> Now, can we *PLEASE* stop re-raising old issues every time someone new
> comes into this working group?

Maybe I have indeed missed the discussion on this precise topic, but I
suspect you might both have missed my point -- and in either case I
apologise. Phillip might be used to upside-down email and have thought
that my first paragraph was in fact my conclusion, but I didn't expect
that of you so it's probably my fault for not being concise enough in
the first place.

I was not saying that we should ditch either pra or mail-from scope and
continue with only one of the two, which I know is an opinion which has
been voiced before.

I was saying that we should ditch _both_ pra and mail-from scopes and
continue with something more appropriate.

The point was that the mail-from and pra scopes are _both_ only useful
for determining a trust level for a given mail server, by determining
whom it belongs to. The 'domain' we use becomes nothing more than an
arbitrary 'trust handle' which isn't even seen by most users anyway, as
it's hidden in the Return-Path: or Resent-From:^WForwarded-For: headers.

The mailfrom/pra scopes are not useful as end-to-end validation that a
given mail really did come from the person from whom it claims to come.
A mailfrom/pra 'PASS' is neither necessary nor sufficient to make that
judgement reliably. There are both false positives and false negatives
if one were to inadvisedly use it for such a purpose.

Yet the very nature of the scopes makes it easy for the naïve user or
admin to believe that they can be used that way. Therefore, it is
actually counterproductive -- because it encourages a mistaken belief
that this provides real end-to-end authentication when it cannot. 

My suggestion is that we should go forward with an entirely _different_
scope, not just unify on either mail-from or whatever the unencumbered
pra replacement would be.

There are many possibilities which would offer us some 'handle' on the
owner of the mail server in question, without all the problems which
both mail-from and pra scopes suffer.

-- 
dwmw2


