[ietf-dkim] Lists "BCP" draft available
lear at cisco.com
Mon May 17 04:36:20 PDT 2010
Thanks for taking a shot at this. Here are some comments on the Lists
First, I support the draft becoming a working group document.
However, I wonder if it requires simplification with a bit more
discussion as to motivation. I'll get into some of that below.
Introduction 3rd and 4th bullets should use consistent terminology, so I
> MLM behaviors are well-established and standards compliant.
I don't understand what you mean by standards compliant.
Same section lower down:
> However, the fact that the From
> field of such a message is typically the same as for the original
> message and that recipients perceive the message as "from" the
> original author rather than the MLM creates confusion about
> responsibility and autonomy for the re-posted message.
Isn't there standard terminology to distinguish between the From and
from (e.g., SMTP-From)?
FBL? What a horrible misuse of an already common term. Is there a cite
for this or can we change it?
I *love* the title of this section!!!
However- I believe we need to be careful to cite the source of these
definitions, so as to avoid conflict should they change.
> The remainder of this document operates on the presumption that a
> message going through a re-posting MLM actually comprises two message
I think, by the way, that 3.2 should probably be expanded with regard to
the logic behind steps 1 and 2. Seems to me that's the thing that will
help mailing list maintainers understand why the solution is correct.
I'm uncomfortable with this section. I don't know how an author is
supposed to know whether an MLM is a participant or non-participant.
Moreover, discrimination at the enterprise level seems like a great
opportunity for us vendors to sell more hardware without much customer
I would rather see this section simply say that messages originating
from ADMDs that have strict ADSP polices are advised to not make use of
either non-participating MLMs that corrupt signatures.
> Authors may be well-advised to create a DNS domain specifically used
> for generating signatures when sending traffic to MLMs
I think you have to be really clear on this point, because it can be
read in one of several ways:
* Author domain should be used expressly to transmit to MLMs, in
which case you should make it clear when this should be the case
(e.g., you couldn't imagine an entire enterprise redoing their
email infrastructure to such an end)
* The SIGNING domain and NOT the author domain should be used
expressly to transmit to MLMs, in which case we have a problem I
* Something else
> In the case of verification of signatures on subscriptions, MLMs are
> advised to add an [AUTH-RESULTS] header field to indicate the
> signature(s) observed on the submission as it arrived at the MLM and
> what the outcome of the evaluation was.
What if any level of operational trust should be placed in such a header?
> A DKIM-aware resending MLM is encouraged to sign the entire message
> as it arrived, especially including the original signatures.
Would I as an MLM want to resign a message that I received that itself
was not signed? Do I want to confer more authority to that message than
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ietf-dkim