[ietf-dkim] Feedback on draft-ietf-dkim-mailinglists for discussion
daniel.subs at internode.on.net
Sun Aug 1 16:47:51 PDT 2010
On Monday 02 August 2010 08:22:15 Murray S. Kucherawy wrote:
> Some offlist feedback I wanted to bounce to the list to gauge consensus:
> a) Section 5.1 currently advocates a warning to new subscribers to an MLM
> with a highly restrictive ADSP policy. Should this be stronger, such as
> "a warning is advised, and full denial should be considered"?
"A warning is advised" is acceptable. Full denial/rejection is going too far.
Subscriptions could just indicate that they want to receive email. Conflicts
only occur with sending. It's easy enough to differentiate subscription and
posting as they are typically to different addresses.
> b) Would it be a good idea to suggest MLM implementers make signing of
> submissions into a user-configurable option?
Which signing are you talking about?
a) Inserting a policy for a user to say they always sign email sent to the
list (largely a duplication of adsp=all hence perhaps not that useful. Signers
control the policy more than individual authors).
b) that the MLM will sign the MLM Output for some users and not other users
(can't see good reason to recommend this complexity)
> I think there was some text
> in there already about the idea of bifurcating the list's output into a
> signed stream and an unsigned stream, but since I'm getting the opposite
> suggestion now
The rationale for this suggestion will be useful.
> it probably means the draft doesn't indicate in enough
> detail why this might be a bad (or good) idea.
> Can anyone provide some
> additional commentary?
An MLM Output stream should be universally signed or not to provide the
verifier a clear indication of what behavior to expect from the MLM.
Providing subscriber options to receive signed email or not will likely create
signed and unsigned message streams. If multiple subscribers with different
signing reception options are behind the same verifier then any differences in
filtering behaviors will seem anomalous to the receiver. A single signed (or
unsigned) MLM Output stream will allow verifiers to see a consistent MLM
behaviour and make better use of MLM signature trust relationship or stream
based acceptance criteria.