[ietf-dkim] list vs contributor signatures, was Wrong Discussion
iane at sussex.ac.uk
Fri Apr 30 06:58:27 PDT 2010
--On 30 April 2010 08:02:44 -0400 "John R. Levine" <johnl at iecc.com> wrote:
>>> I just don't see a plausible scenario where you you know you trust the
>>> list but still want to accept or reject mail based on assertions the
>>> list itself makes.
>> How about you trust the list, and it says the inbound message wasn't
>> signed? The list has left the value judgement to the recipient.
> I've been using mailing lists for 35 years, and I cannot recall any where
> the list manager threw up his hands and didn't manage the list's
I don't think that's what I'm saying. Currently lists don't do much to
authenticate senders. I don't think it's implausible that a recipient might
have stricter rules than a list manager. It might be unusual, I suppose.
> The conceptual model of mailing lists has been consistent for
> decades: the list picks mail to pass along using whatever manual or
> automated process it uses, and subscribers accept the mail the list
> sends. I don't see the point in trying to retroactively redefine the
> ways that lists work to try to shoehorn them into the limits of poorly
> desiged security add-on.
> See "forgery" for another example of the same newthink, in which the SPF
> crowd tried to persuade the world that SPF's failure to handle long
> established forwarding models was the fordwarders' fault.
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/
More information about the ietf-dkim