Alessandro Vesely wrote: > Crypto stuff at connection time is a different ongoing task, which may > be useful in countering replay attacks in general. Joint signatures > and From-%-rewriting are two easier and more specific techniques for > describing how responsibility is transferred when a message transforms > into another. I mentioned them in this thread because I deem they are > worth being considered, each in its niche of suitable use cases.
I think you need to better appreciate and understand how fundamental the "Message" From field for any forms of communications and/or mail networks is. It would be a radical change to open up this door and "Pandora box" to make it the norm and mindset that a From: is unreliable. Not saying it is not prone to abusive, but fundamentally, when people believe in the message, they also make that natural trusted tie to the author of the message. Never mind the gateway exchanges and networks using From among the fundamental elements of the payload. That said, I believe what you speaking of is when a mail bot completely take over a message from an authorized or intentional design basis. i.e. a newsletter, a newspaper article, a read only forum, whatever, etc, messaging usages were the From: is less important and more of a "global entity." Let me ask you this, does this apply to a MLM serving a LIST such as this one? IETF-DKIM? Should it be programmed to change it to? From: DKIM POST MASTER <[email protected]> or From: DKIM POST MASTER ON BEHALF OF XYZ <[email protected]> I guess the goal would be to make the resigner a 1st party DKIM signature with the From domain being mipassoc.org. Even if the MLM was allowed to do this for list of this type, do we now also recommend that MIPASSOC.ORG have a ADSP policy? It sounds like a good idea, but it would a very radical change. I don't wish to be part of the group of MTA and MLM that begin to fuss around with the 8222.FROM making the mail more unreliable and less trustworthy. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
