----- Original Message -----
From: "Miles Fidelman" <mfidelman(_at_)meetinghouse(_dot_)net>
To: <ietf(_at_)ietf(_dot_)org>
Sent: Friday, May 02, 2014 1:51 PM
Alessandro Vesely wrote:
On Thu 01/May/2014 17:18:38 +0200 Dave Crocker wrote:
On 5/1/2014 8:22 AM, Phillip Hallam-Baker wrote:
<snip>
3. Actually developing something that plays nice with whitelists - as
there is now some discussion about (XOAR, whitelists, ....).
I'm not clear what you mean. Is there a standard that defines
mailing
lists?
There are some that approach it - like the SMTP extensions for
list-related headers. I personally think mailing list functionality
is
well enough understood that we could improve on this, and incorporate
some standard authentication mechanisms in the process.
Personally, I think some kind of standard that allows for:
- separate identification and signing/authentication of author,
originating MTA, list/forwarder would go a long way (I think this
would
require additional headers and/or standardizing the use of existing
headers a bit more tightly)
- maybe an extra list header or two regarding reply-to (separate
author,
author-errors, list, list-errors)
- a mechanism that allows a list to modify messages that doesn't break
incoming signatures, say:
--- separate "original-subject" "subject-with-tags""listname" headers
--- a well-specified way to add a header and/or footer to a message
(e.g., headers to indicate header-line-count, and footer-line-count)
--- provisions for MIME
--- i.e., a recipient can verify the original message and author,
verify
changes that have been made by a listprocessor, run some checks on the
diffs, then make a decision on what to do with the message
- maybe some best practices for mail client presentation of
information
to end users
Miles
I do not think that the behaviour of mailing lists is well enough
defined and so the various authentication mechanisms have too much
variation to cope with and so do not.
I get mail from several IETF lists and
- may or may not get a [tag]
- may or may not have From: replaced by an IETF address
- may have From: replaced by a nickname and no IETF address
- usually get List: headers
and so on and so forth.
What I think is needed is a well-defined and short description of what a
well-behaved mailing list might do, and then DKIM and such, or perhaps
just a best practices thereof, could make mailing lists
authentication-friendly
I do not think it worth trying to do anything that calls for MUA
changes - it will take too many decades to roll out.
I think that DMARC has got this badly wrong, but that we have created
enough pitfalls that they can easily do so.
Tom Petch
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra