ietf
[Top] [All Lists]

Re: DMARC: perspectives from a listadmin of large open-source lists

2014-04-16 07:22:04
John R. Levine wrote:
want to allow modification of the subject field (e.g., adding a tag)
and/or the body (e.g., adding header and footer) - then you might have
to be a little cleverer, perhaps by providing information about the
diffs in extra headers and doing a few comparisons at the receiving end
(subject tag = *****<original-signed-subject>).

That's unlikely to be a productive direction to go. We had a lot of arguments about message modification when we were designing the DKIM strict and loose message digests. We never found a way to allow subject tags that wouldn't also enable all sorts of abuse, and I don't think we missed anything.

The reasonable way to use DKIM with mailing lists has always been for
the list to add its own signature, and to use the list signatures to
develop a (presumably good) reputation for the list so its mail gets
delivered.  See the signatures on the messages from this list for an
example.

I was thinking about combining:
- two signatures: at origination, by the list manager
- adding an additional header, along the lines of "original-subject"
- allowing for:
-- not breaking validation of the originating signature
-- adding tags to the subject line (and copying the original subject to original-subject)
-- adding a new signature at the mailing list
-- validating the original signature at receipt (just using the original-subject header in place of the tagged subject line) -- doing a diff on the two subject lines to validate that the only thing added was a text tag before the original subject

Doesn't address the non-aligned From: header issue, but does reduce one impact.



--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra