On 4/28/2010 8:31 AM, MH Michael Hammer (5304) wrote:
>>> 2) One possible recommendation to list managers is that if a message to
>>> the list is DKIM signed AND has an ADSP discardable policy AND the
>>> signature cannot be maintained intact then the list should bounce the
>>> message.
>>
>> What is the particular benefit of doing this, rather than letting the
>> receiving site do the bouncing?  This is extra mechanism for the MLM, and
>> most MLMs won't be supporting it.  I'm trying to get a clear sense of the
>> value proposition for this.
>
> Is your assertion of what most MLMs will do "a priori" knowledge and is your
> timeframe forever? John has advocated that the MLM should strip the signature
> so how exactly would the receiving site know to check ADSP?

The mailing list technical community has been particularly challenging with
respect to the development and adoption of standards.  The List-*
specifications were hard-fought and the current deployment of the feature(s)
is still extremely spotty.

So any discussion here about mailing lists needs to take that reality into
consideration.


>>
>>> 3) Is there a way for us (perhaps in a future version) to provide for
>>> some sort of "encapsulation" that will allow the original
>>> signature/message to be maintained even as the list does certain (as yet
>>> unspecified) actions which might currently break the signature? Just
>>> blue skying here.
>>
>> I think you are raising the (much) larger question of constraining the
>> nature of changes made by MLMs.  Since they are actually posting an
>> entirely new message, they have the legitimate freedom to do what they want
>> to it. However, some can choose to participate in that much more
>> constrained role, looking more like a relaying MTA than a modifying
>> intermediary.
>>
>
> DKIM and ADSP impose constraints for those who choose to participate. This
> is no different. I intentionally avoided suggesting the relaying model with
> the goal of leaving the potential approaches open to discussion.

My point is that you are talking about recruiting mailing lists into this.
Adding active components into a system is expensive, especially when those
components have a very poor track record of adoption.  So the value proposition
needs to be compelling.  For them and for the actors attempting to impose this
burden on the mailing lists.


> If DKIM doesn't authenticate any part of the message, what exactly is the
> body length hash?

DKIM hashing at most provides data integrity validation, from signing to 
verifying.

DKIM makes no assertion of validity of the data being hashed.

In terms of security semantics, this is not a small point.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
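
Added example, not part of the original message or of any DKIM implementation: a sketch of the DKIM body hash (bh=) with RFC 6376 "simple" and "relaxed" body canonicalization and the optional l= body length, showing what happens when a list appends a footer. The sample body, the footer and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    # RFC 6376 "simple": drop empty lines at the end, end with one CRLF.
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 "relaxed": collapse runs of space/tab, strip line-end
    # whitespace, drop empty lines at the end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and not lines[-1]:
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body, canon=canon_simple, length=None) -> str:
    # bh= value: base64(SHA-256(canonical body, truncated to l= if given)).
    data = canon(body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def sign_body(body, canon=canon_simple):
    # Signer side: returns (bh, l) where l is the canonical body length.
    return body_hash(body, canon), len(canon(body))

def verify_body(received, bh, canon=canon_simple, length=None) -> bool:
    # Verifier side: recompute over what arrived and compare.
    return body_hash(received, canon, length) == bh

# Constructed sample data (not taken from a real message).
ORIGINAL = b"Hello list,\r\n\r\nPlease see the proposal.\r\n"
LIST_FOOTER = b"____\r\nNOTE WELL: this list has rules\r\n"

if __name__ == "__main__":
    bh, l = sign_body(ORIGINAL)
    relayed = ORIGINAL + LIST_FOOTER  # the MLM appends a footer
    print("intact body verifies:     ", verify_body(ORIGINAL, bh))
    print("footer added, no l=:      ", verify_body(relayed, bh))
    print("footer added, with l=:    ", verify_body(relayed, bh, length=l))
    # With l=, octets past l are outside the hash, so the footer could say
    # anything. A matching hash only shows the covered octets are unchanged
    # since signing, not that what they say is true.
    edited = relayed.replace(b"proposal", b"PROPOSAL")
    print("edit inside covered range:", verify_body(edited, bh, length=l))
```
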