
Re: DMARC and ietf.org

2014-07-20 11:45:41
On 7/20/2014 10:03 AM, Brian E Carpenter wrote:
> On 21/07/2014 01:26, Michael Richardson wrote:
>> Regardless of how/if/why/when we process DMARC as a specification, we need to
>> decide how ietf.org MTA is going to deal with things.
>>
>> 1) someone has to fund changes to mailman, and perform testing, installation,
>>     and community education for the IETF mailing lists.  That implies that
>>     we have to decide *for ourselves* where and how we will "break" the
>>     DMARC/DKIM connection,  and if we will reject email from p=reject senders
>>     before we attempt to relay.
>
> I thought the preferred solution was to rewrite the From for those users only.

-1.

It's not the preferred solution. Not one iota. Please don't endorse this radical "email game changing" behavior. Since you are among the "top IETF key cogs," if it's preferred among the IETF key cogs, as you are making it sound, then this is not good at all. It would be a serious "game changer." It goes to show how much the IETF really cares about the concerns for the wider and entire mail networking community which is obviously becoming less and less. It will set a terrible precedent and obvious security loophole if you crack open this door. The "From" could never be trusted again and the new algorithms necessary to separate and categorize the good from the bad, will be overwhelming and complex at all levels.

Plus, if you ask and explore the risk and liability issues with your chief counsel, you could be playing with fire here. I wouldn't do it. Bad idea.

I don't recommend any change to the ietf.org list mail process regarding DMARC until there is a 3rd party authorization framework in place. The lack of one currently should not suggest that breaking security as the "path of least resistance" should be endorsed by the IETF.

--
HLS

