[ietf-dkim] draft-ietf-dkim-mailinglists-02 review
vesely at tana.it
Thu Sep 2 10:35:16 PDT 2010
On 01/Sep/10 23:43, Murray S. Kucherawy wrote:
> Personally I do see use in the document's current form. Although I
> realize MLMs haven't done the work to preserve signatures in the
> past, I get the feeling there's desire out there for that to start
> to happen; receivers want it, for whatever reason, and I don't hear
> a lot of people coming out against the idea. Are we really on
> solid ground telling them "You don't need/don't want/can't have
+1: if DKIM works it should also work for MLMs.
However, the other issue is to break or remove author domain
signatures. John has pointed this out since a long time, for FBL
reasons. Doug has brought out the same issue for replaying attacks
aimed at breaking reputation, because replaying is definitely out of
control in case of publicly distributed messages.
Mutually exclusive as they may seem, those two issues together simply
beg for the ability to take just the extent of responsibility that a
signer deems correct, given the recipients for the message at hands.
I repeat the two proposals that have been made, and ask once more
whether there are further ways to achieve similar results.
It seems the WG disagrees with it. However, it has also been
mentioned that some MLMs already change the From. Should it be
forbidden? If not, I see no reason not to document it.
I haven't seen many opinions on this proposal of mines. Anyone? Here
are some pointers:
last paragraph in
More information about the ietf-dkim