In message
<alpine(_dot_)OSX(_dot_)2(_dot_)11(_dot_)1510271801250(_dot_)34501(_at_)ary(_dot_)lan>,
"John R Levine" write
s:
Actually we need to validate two assertions:
* That the mail came from the stated author, e.g. PHB.
* That the mail was relayed by the IETF mailing list.
Well, yes, but those are easy. What's hard is demonstrating that the
message that the list relayed is the same in a semantic sense as the
message that Phill sent, even though it has the kind of changes that lists
make, a tag in the subject line, a footer at the bottom, and attachments
stripped.
Perhaps we should not be stripping attachments but encapsulating
the whole message with enough DKIM signed meta data to enable DKIM
processing to work a the far end after DKIM verifying the mailing
list input first. This gives you a trust chain.
Add in List-Label: <string> header to allow the MUA to insert it
into the displayed Subject: and a footer after the encapsulated
message. The latter should work immediately.
If list policy is not to have attachements then reject the
submission rather than strip the attachements.
If list policy is no text/html then reject messages with text/html.
Mark
See the last decade or so on the DKIM and now DMARC mailing lists for
endless not very productive discussions about ways to describe permitted
changes without also allowing vast amounts of spam and phishing, leavened
by blithe assertions that mailing lists have been doing the wrong thing
for 40 years and should never make any changes to messages at all.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org