> -----Original Message----- > From: dmarc [mailto:[email protected]] On Behalf Of Anne Bennett > Sent: Wednesday, April 01, 2015 10:35 AM > To: [email protected] > Subject: Re: [dmarc-ietf] Third Party Sender DMARC Adaptations > > > J. Gomez <[email protected]> writes: > > > a "technically appropriate" technical solution yes there is: > > "Every resender[ *] who invalidates the original Author's DKIM > > signature must take ownership of the Header-From and re-sign the > > message". Simple. Easy. But socially unacceptable (for now, at least) > > because of the expectations of several legacy mail usages. > > If by "expectations of several legacy mail usages" you mean "reasonable > expectations of well-established mail usages", and not "unreasonable > expectations of nearly-obsolete mail usages", then sure. :-) >
This will be extremely difficult. > So having granted that the above proposed solution is unacceptable, how > can we move on to find an acceptable solution? > > Some days ago I tentatively suggested signing only part of some message > parts, in particular part of the Subject header (excluding any future > additions > of "[list-identification]"), assuming that such an approach had doubtless > already been suggested elsewhere. I was expecting to hear either "been > there, tried that, won't work", or (a polite version of) "that's a dumb idea > because...", but I've heard nothing. I can't quite make myself believe that > you're all rendered speechless by my sheer genius, so... why *won't* > something like that work? > Signing only part of a message (whether body or only part of headers such as subject) invites abuse through replay attacks. This is one of the reasons that "l=" pretty much went by the wayside. > > Anne. > -- > Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal > H3G 1M8 > [email protected] +1 514 848-2424 > x2285 > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
