On Sun, 05 Apr 2015 18:33:52 PDT, "Murray S. Kucherawy" <[email protected]> wrote:
> I've posted a new version of draft-kucherawy-dkim-list-canon, which had
> expired. It was one of several we were considering a while back as a way
> of dealing with some indirect mail flows.
>
> https://datatracker.ietf.org/doc/draft-kucherawy-dkim-list-canon/
>
> Also, I've posted a new one that proposes a way to include in the signature
> some information about message transformations that happened at a Mediator,
> allowing the Verifier to undo said changes and re-try the author
> signature. Something else to consider:
>
> https://datatracker.ietf.org/doc/draft-kucherawy-dkim-transform/
>
> Comments on either or both are welcome.

Thanks for both of these. They significantly enhance the ability of compliant list mail surviving DKIM verification.

Tiny spelling nits:

In draft-kucherawy-dkim-list-canon, Appendix A, just before figure 1: "descendents" should be "descendants" (The former is becoming obsolete.)

In draft-kucherawy-dkim-transform, Section 6, first paragraph: "additonal" should be "additional".

A small nit:

In draft-kucherawy-dkim-list-canon, Section 4, item 3, asks for "An integer expression of the number of children at that node." Just in case there are more than nine children, it might be helpful to specify "The decimal number of children at that node."

A slightly larger nit:

In draft-kucherawy-dkim-list-canon, Section 6.2, I can't make the last sentence parse:

    Operators that might grant preferential handling based on valid DKIM
    signatures from favorable domains; assuming that appended content in
    the presence of such signatures does not mean the appended content is
    necessarily safe.

If I understand what you're trying to communicate, I'd suggest:

    Operators that might grant preferential handling based on valid DKIM
    signatures from favored domains should not assume that the added
    content is necessarily safe, despite the presence of a valid DKIM
    signature.

In both documents, there's a conspicuously missing item that would make list subscribers -- and owners -- a lot happier: A mechanism for changing the RFC5322.Subject header. Since most lists nowadays add something like "[list-name] " immediately after "Subject: " in the originating Author's message, they still won't pass DKIM validation even after complying with the proposed body modification rules.

Would it not be fairly easy to add an easily reversible "change-subject" transformation to draft-kucherawy-dkim-transform document, along with a corresponding "cs" DKIM-Signature tag? Assuming that the mediated RFC5322.From header is unchanged, this would make it fairly simple for the originating Author's message to be reconstructed from the message delivered to list members. But perhaps it might be better to put header transformations in a separate draft.

Of course, none of this touches the issue of From-munging, but that's a DMARC alignment problem, not a DKIM problem, so these drafts aren't the place to address it.

Thanks again,
MJA
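
The Subject-tag problem raised in the message above, as an added example that is not part of the original message or of either draft: it applies RFC 6376 "relaxed" header canonicalization to From and Subject, uses a SHA-256 digest of those fields as a stand-in for the signed header data, and shows the digest matching again once a recorded prefix is removed. The record format, the function names and the sample headers are assumptions; neither draft defines a "cs" tag.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization of one field."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse WSP, trim both ends
    return f"{name.strip().lower()}:{value}\r\n".encode()

def header_digest(headers, signed=("from", "subject")):
    """SHA-256 over the canonicalized fields; a stand-in for DKIM's signed header data."""
    by_name = {k.lower(): v for k, v in headers.items()}
    h = hashlib.sha256()
    for name in signed:
        h.update(relaxed_header(name, by_name[name]))
    return h.hexdigest()

def add_list_tag(headers, tag):
    """Mediator side: prefix the Subject and return (new headers, record of the change)."""
    prefix = tag + " "
    out = dict(headers)
    out["Subject"] = prefix + headers["Subject"]
    return out, prefix   # hypothetical record: the exact text that was inserted

def undo_list_tag(headers, recorded_prefix):
    """Verifier side: strip the recorded prefix, or None if it is not there verbatim."""
    subject = headers["Subject"]
    if not subject.startswith(recorded_prefix):
        return None      # Subject was changed some other way; cannot reconstruct
    out = dict(headers)
    out["Subject"] = subject[len(recorded_prefix):]
    return out

# Constructed sample message headers (not taken from the thread).
ORIGINAL = {"From": "Author <author@example.org>", "Subject": "Draft  comments\r\n and nits"}
SIGNED_DIGEST = header_digest(ORIGINAL)
DELIVERED, RECORD = add_list_tag(ORIGINAL, "[list-name]")

if __name__ == "__main__":
    print("tagged matches signed:  ", header_digest(DELIVERED) == SIGNED_DIGEST)
    restored = undo_list_tag(DELIVERED, RECORD)
    print("restored matches signed:", header_digest(restored) == SIGNED_DIGEST)
```

Relaxed canonicalization absorbs the folding and doubled whitespace in the sample Subject, but not the inserted tag, which is why the tagged copy no longer matches until the prefix is removed.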
