Hector Santos <[email protected]> writes:

> A database is still needed of which domains will have an
> outbound mail stream with two signatures. Somehow the list domains
> will still need to register with the Yahoos and tell the Yahoos,
> "Please send us two signatures authorizing our list domain." I
> would like to call this a "registration" problem because that seems
> to be the area of disagreement as a real problem.

I have to agree; if this is the case, to me, it is a show-stopper. The genius of the DKIM and SPF and DMARC approaches is that they are DNS-based, and thus completely decentralized. The idea that lists would have to register with the e-mail providers of all of their contributors, or that I as a (very small!) e-mail provider would have to figure out what is and isn't a list, doesn't scale.

I have not yet taken the time to fully understand the "weak and strong signatures" idea, but if I may be forgiven for commenting anyway: could the above problem be solved by having "original" signers always supply various forms of signature (without needing to figure out if the receiver address is a list), and having "intermediate" signers (such as mailing lists) add more signatures as described in the draft? A message that arrives with only the "original" signatures would be checked against the strong one, and a message that arrives with "additional" signatures would be checked as per the draft.

Of course, if the idea of specifically setting up a third-party trust is crucial to the proposal, then my suggestion is useless, and the "registration problem" is not solvable.

Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
[email protected] +1 514 848-2424 x2285
