On Sun, Aug 30, 2020 at 11:38 AM Douglas E. Foster <fosterd= [email protected]> wrote:
> This all looks workable to me, if it can gain support from senders,
> recipients, and mailing lists.
>
> But as I have said before, the last part of the protocol needs to be a way
> for the mediator to know that the recipient will accept the message. This
> could be because:
>
> - Recipient honors conditional signatures (or any other future
>   third-party authorization system.)
> - Recipient has whitelisted the mailing list, so DMARC will not be
>   enforced against the list.
> - Recipient does not enforce DMARC at all.
>
> The first option is the most complicated, because it requires the list to
> change behavior based on both sender and recipient configuration. The
> latter two only require knowledge of the recipient configuration, and could
> be implemented today. But early in this discussion, John implied that
> recipient-specific tailoring of the From address is outside the
> capabilities of modern mailing lists. To get IETF backing, the signalling
> between lists and recipients also needs to scale, which implies a high
> level of automation.
>
> Is there any way to solve this part of the problem?

I'm not clear on why you think the first option is the most complicated. I think it's the simplest, since the entire thing is implemented at the DKIM layer. DMARC and the MLM don't even know any of this is happening.

I suspect the complicated part is the logic the author domain's signer needs to use when deciding whether to affix the weaker signature, because of the replay risk described in the draft. If you want to be pure about this, you need to know where all the lists are, which means either discovering them or having your users register them. At a large scale, those aren't pragmatic, so you might do something like affix the weaker signature only if the set of domains in the union of the To: and Cc: fields (or perhaps the envelope recipients) is small, and avail yourself of the semantics of the "x=" tag (also described in the draft).

Interesting. Looking at my open source stuff, it seems I did a variant of the -03 draft, where the tag was "cd" (probably for "conditional domain"). I vaguely remember that discussion. Wouldn't be hard to change one or the other.

-MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
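An added example (not code from the thread, the draft, or MSK's implementation) of the signer-side policy described above: affix the weaker, conditional signature only when the set of recipient domains in To: and Cc: is small, and bound the replay window with a DKIM "x=" expiration. The domain limit, the expiration window, and the use of "cd" as the tag naming the permitted mediator are assumptions made for illustration.

```python
# Signer-side policy for a conditional DKIM signature (constructed example).
# Assumptions: at most MAX_RECIPIENT_DOMAINS distinct recipient domains,
# an x= window of CONDITIONAL_TTL_SECONDS, and "cd" as the tag carrying the
# mediator domain (after the "cd" tag MSK mentions; not the draft's name).
import time
from email.message import EmailMessage
from email.utils import getaddresses

MAX_RECIPIENT_DOMAINS = 3            # assumed policy knob
CONDITIONAL_TTL_SECONDS = 2 * 86400  # assumed replay window: two days


def build_message(to, cc=""):
    """Construct a minimal sample message (constructed test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "author@example.com"
    msg["To"] = to
    if cc:
        msg["Cc"] = cc
    msg.set_content("hello")
    return msg


def recipient_domains(msg):
    """Distinct, case-folded domains in the union of the To: and Cc: fields."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.rpartition("@")[2].lower() for _, addr in pairs if "@" in addr}


def should_sign_conditionally(msg, limit=MAX_RECIPIENT_DOMAINS):
    """Affix the weaker signature only when the recipient domain set is small."""
    doms = recipient_domains(msg)
    return 0 < len(doms) <= limit


def conditional_tags(msg, mediator, now=None, ttl=CONDITIONAL_TTL_SECONDS):
    """Tags for the weaker signature, or None when policy says not to add it.
    t= and x= are the standard RFC 6376 timestamp and expiration tags."""
    if not should_sign_conditionally(msg):
        return None
    now = int(time.time()) if now is None else int(now)
    return {"cd": mediator, "t": now, "x": now + ttl}


def signature_expired(tags, now):
    """Verifier side: a signature whose x= lies in the past must fail."""
    return "x" in tags and int(now) > int(tags["x"])
```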
