Re: The fallacy of perfection (Re: DKIM Signatures now being applied to IETF Email)

2011-08-10 Thread SM
reasons to deploy. This thread was initially about DKIM Signatures now being applied to IETF Email. Some people from the IETF sausage factory are aware that DKIM is broken; i.e. DKIM signatures will fail to verify when a message goes through a mailing list. Some people might call that a flaw

Re: The fallacy of perfection (Re: DKIM Signatures now being applied to IETF Email)

2011-08-10 Thread Hector Santos
SM wrote: Hi Carsten, At 11:46 09-08-2011, Carsten Bormann wrote: For another perspective on this, see section 2.7 The fallacy of perfection in Garrulity and Fluff. (http://www.iab.org/wp-content/IAB-uploads/2011/04/Bormann.pdf) That's an interesting document. From Section 2.1: Yes, it is

Re: DKIM Signatures now being applied to IETF Email

2011-08-09 Thread Nathaniel Borenstein
On Aug 1, 2011, Keith Moore wrote: Perhaps. But it's difficult to escape the impression that this is another example of IETF failing to solve an important problem by focusing on a portion of the problem that's easy to solve, and ruling the difficult part out of scope for the time being.

The fallacy of perfection (Re: DKIM Signatures now being applied to IETF Email)

2011-08-09 Thread Carsten Bormann
On Aug 9, 2011, at 20:30, Nathaniel Borenstein wrote: We worry too little about the opportunity cost of the passage of time, so we fight time-consuming battles. We should instead be trying to build an optimal pipeline of incremental progress in a generally positive direction,

Re: DKIM Signatures now being applied to IETF Email

2011-08-03 Thread Hector Santos
Murray S. Kucherawy wrote: We are perfectly aware you never believed in policy, never really acknowledged it, fought hard against its progress. I can respect that position. But I am a bit vexed as to why you are questioning its existence as an original and still current WG work item. Where I come

Re: DKIM Signatures now being applied to IETF Email

2011-08-03 Thread Dave CROCKER
On 8/2/2011 1:11 AM, t.petch wrote: When people have a need, and want a technical solution, and then find that what at first sight appeared to be a solution is not one, then they may be disappointed, and be critical. That is human nature. When that happens is a time to reflect, to look at

Re: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread Hector Santos
Nathaniel Borenstein wrote: I find it amazing how many different ways there are to criticize DKIM for not doing something it was never intended to do. DKIM is a small building block that enables new functionality, but such functionality is beyond the scope of DKIM. Note: We have an advanced

Re: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread t.petch
- Original Message - From: Nathaniel Borenstein n...@guppylake.com To: Hector Santos hsan...@isdg.net Cc: ietf ietf@ietf.org Sent: Monday, August 01, 2011 2:48 PM Subject: Re: DKIM Signatures now being applied to IETF Email I find it amazing how many different ways

Re: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread Alessandro Vesely
On 02/Aug/11 06:52, Hector Santos wrote: Keith Moore wrote: Repeat as needed; you can always partition the remaining part of the problem again. It was not a difficult problem. [...] how to scale the authorization of 3rd party signer. [...] But there was a fundamental mindset and

RE: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread Murray S. Kucherawy
-Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Alessandro Vesely Sent: Tuesday, August 02, 2011 6:28 AM To: ietf@ietf.org Subject: Re: DKIM Signatures now being applied to IETF Email It was not a difficult problem. [...] how to scale

Re: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread Dave CROCKER
On 8/1/2011 8:41 AM, Scott Kitterman wrote: In fairness to Hector, the functionality that he is complaining is missing was part of the original working group charter. please cite the text from the original charter that promises such work and, just to be safe, please cite the current text

Re: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread Hector Santos
Dave CROCKER wrote: On 8/1/2011 8:41 AM, Scott Kitterman wrote: In fairness to Hector, the functionality that he is complaining is missing was part of the original working group charter. please cite the text from the original charter that promises such work and, just to be safe, please

RE: DKIM Signatures now being applied to IETF Email

2011-08-02 Thread Murray S. Kucherawy
-Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Hector Santos Sent: Tuesday, August 02, 2011 2:33 PM To: ietf@ietf.org Subject: Re: DKIM Signatures now being applied to IETF Email We are perfectly aware you never believed in policy

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Nathaniel Borenstein
...@ietf.org] On Behalf Of t.petch Sent: Saturday, July 30, 2011 3:26 AM To: Barry Leiba Cc: ietf Subject: Re: DKIM Signatures now being applied to IETF Email Sadly, I do not see it being used in the mailing lists where an organisation is sending me directly data I would like to be able to rely

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Scott Kitterman
On Monday, August 01, 2011 08:48:04 AM Nathaniel Borenstein wrote: I find it amazing how many different ways there are to criticize DKIM for not doing something it was never intended to do. DKIM is a small building block that enables new functionality, but such functionality is beyond the

RE: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Murray S. Kucherawy
My own recollection is that the working group originally had policy ideas in its charter, but as we went through the work it became evident that doing DKIM policy was increasingly hard to get right without creating something unreliable or even damaging to the current infrastructure. Thus, I

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Keith Moore
On Aug 1, 2011, at 2:50 PM, Murray S. Kucherawy wrote: My own recollection is that the working group originally had policy ideas in its charter, but as we went through the work it became evident that doing DKIM policy was increasingly hard to get right without creating something unreliable

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Scott Kitterman
On Monday, August 01, 2011 02:50:27 PM Murray S. Kucherawy wrote: My own recollection is that the working group originally had policy ideas in its charter, but as we went through the work it became evident that doing DKIM policy was increasingly hard to get right without creating something

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread John Levine
Perhaps. But it's difficult to escape the impression that this is another example of IETF failing to solve an important problem by focusing on a portion of the problem that's easy to solve, and ruling the difficult part out of scope for the time being. It's definitely a case of the best being

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Keith Moore
On Aug 1, 2011, at 6:57 PM, John Levine wrote: Perhaps. But it's difficult to escape the impression that this is another example of IETF failing to solve an important problem by focusing on a portion of the problem that's easy to solve, and ruling the difficult part out of scope for the time

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread John Levine
Does it follow, then, that the Right Thing to do is to avoid building any other parts of the system (even, say, the reputation service query protocol) until the easiest part is finished? If we knew what to build, we'd build it. We published RFC 5518 for VBR, a reputation system that sits on

Re: DKIM Signatures now being applied to IETF Email

2011-08-01 Thread Hector Santos
Keith Moore wrote: Perhaps. But it's difficult to escape the impression that this is another example of IETF failing to solve an important problem by focusing on a portion of the problem that's easy to solve, and ruling the difficult part out of scope for the time being. Repeat as needed;

Re: DKIM Signatures now being applied to IETF Email

2011-07-31 Thread Hector Santos
- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of t.petch Sent: Saturday, July 30, 2011 3:26 AM To: Barry Leiba Cc: ietf Subject: Re: DKIM Signatures now being applied to IETF Email Sadly, I do not see it being used in the mailing lists where an organisation is sending me

Re: DKIM Signatures now being applied to IETF Email

2011-07-30 Thread t.petch
- Original Message - From: Barry Leiba barryle...@computer.org To: t.petch daedu...@btconnect.com Cc: ietf ietf@ietf.org Sent: Friday, July 29, 2011 5:02 PM I think that it is an error for the IETF to add DKIM signatures. They do indeed tell me which intermediary has sent me the mail,

Re: DKIM Signatures now being applied to IETF Email

2011-07-30 Thread Dave CROCKER
On 7/30/2011 6:26 AM, t.petch wrote: Sadly, I do not see it being used in the mailing lists where an organisation is sending me directly data I would like to be able to rely on - which I think fits the applicability well - and instead, I see it being used on a mailing list such as those in the

Re: DKIM Signatures now being applied to IETF Email

2011-07-30 Thread Hector Santos
Dave CROCKER wrote: It does seem odd to complain about a mechanism that (finally) provides a certifiably valid identifier on messages, in an environment where 90% of the traffic across the Internet exploits the fact that there hasn't been one... How is it certified? I haven't seen any DKIM

RE: DKIM Signatures now being applied to IETF Email

2011-07-30 Thread Murray S. Kucherawy
-Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of t.petch Sent: Saturday, July 30, 2011 3:26 AM To: Barry Leiba Cc: ietf Subject: Re: DKIM Signatures now being applied to IETF Email Sadly, I do not see it being used in the mailing lists

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Alessandro Vesely
On 28/Jul/11 18:34, t.petch wrote: The minor point is that e-mails have just got yet bigger. They are now 100-150% bigger than when first I started following the IETF According to Nielsen's Law, network connection speeds double every 21 months. DKIM is apparently using a quite reasonable

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Dave CROCKER
On 7/28/2011 12:34 PM, t.petch wrote: But more importantly we have abolished the end-to-end principle. If I am going to benefit from improved security on e-mail, I want to from the originator to me, not some half-way house giving a spurious impression of accuracy. The end-to-end principle

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Keith Moore
On Jul 29, 2011, at 6:18 AM, Dave CROCKER wrote: On 7/28/2011 12:34 PM, t.petch wrote: But more importantly we have abolished the end-to-end principle. If I am going to benefit from improved security on e-mail, I want to from the originator to me, not some half-way house giving a

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Dave CROCKER
oh boy... On 7/29/2011 6:36 AM, Keith Moore wrote: The Truth About DKIM http://bbiw.net/presentations/DKIM%20Truth.pdf specifically slide 4. The left hand side includes a short list of common mis-assumptions about DKIM's meaning, along with the one correct one. See whether you know which is

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread t.petch
Original Message - From: Dave CROCKER d...@dcrocker.net To: ietf@ietf.org Sent: Friday, July 29, 2011 12:18 PM On 7/28/2011 12:34 PM, t.petch wrote: But more importantly we have abolished the end-to-end principle. If I am going to benefit from improved security on e-mail, I want to

RE: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Murray S. Kucherawy
-Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of t.petch Sent: Friday, July 29, 2011 5:22 AM To: dcroc...@bbiw.net; ietf Subject: Re: DKIM Signatures now being applied to IETF Email It functions, but does not work, in that it tells me

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Barry Leiba
I think that it is an error for the IETF to add DKIM signatures. They do indeed tell me which intermediary has sent me the mail, but does nothing for the 'spam' that the intermediary accepted in the first place (albeit there being little of that on the IETF managed lists). ... It

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Dave CROCKER
On 7/29/2011 11:02 AM, Barry Leiba wrote: What it does is allow you to assure yourself that the message was, indeed, from an IETF mailing list (well, from an IETF email server), and that it wasn't that someone tried to spoof that. That, in turn, allows you to confidently increase your trust

Re: DKIM Signatures now being applied to IETF Email

2011-07-29 Thread Hector Santos
t.petch wrote: It functions, but does not work, in that it tells me nothing about the true origin of the communication. Yes and No and that the main problem with DKIM, which I see is the lack of 3rd party signal controls or put another way - anyone, middle ware and especially list servers

Re: DKIM Signatures now being applied to IETF Email

2011-07-28 Thread t.petch
Original Message - From: Sean Turner turn...@ieca.com To: ietf@ietf.org Sent: Wednesday, July 27, 2011 2:09 PM On 7/25/11 2:01 PM, Dave CROCKER wrote: On 7/25/2011 1:17 PM, Glen wrote: I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing

Re: DKIM Signatures now being applied to IETF Email

2011-07-28 Thread John R. Levine
But more importantly we have abolished the end-to-end principle. If I am going to benefit from improved security on e-mail, I want to from the originator to me, not some half-way house giving a spurious impression of accuracy. I can't help but be baffled at the lack of a PGP or S/MIME

Re: DKIM Signatures now being applied to IETF Email

2011-07-27 Thread Stephane Bortzmeyer
On Mon, Jul 25, 2011 at 10:17:48AM -0700, Glen g...@amsl.com wrote a message of 23 lines which said: I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. What about a RFC 5617 published signing practice?

Re: DKIM Signatures now being applied to IETF Email

2011-07-27 Thread Alessandro Vesely
On 26/Jul/11 06:19, Hector Santos wrote: But the original destroyed signature from the author is not stripped. Nor verified, apparently. Authentication-Results: dkim.winserver.com; dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org; adsp=fail policy=all author.d=isdg.net

Re: DKIM Signatures now being applied to IETF Email

2011-07-27 Thread Sean Turner
On 7/25/11 2:01 PM, Dave CROCKER wrote: On 7/25/2011 1:17 PM, Glen wrote: I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. I'll be presumptuous and speak on behalf of the DKIM operations community, rather than just myself:

Re: DKIM Signatures now being applied to IETF Email

2011-07-27 Thread John Levine
I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. What about a RFC 5617 published signing practice? That RFC is only useful for a narrow range of heavily phished domains like Paypal's. Fabulous though the IETF is, it's not one

Re: DKIM Signatures now being applied to IETF Email

2011-07-27 Thread Dave CROCKER
On 7/27/2011 4:46 AM, Stephane Bortzmeyer wrote: I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. What about a RFC 5617 published signing practice? ADSP only works when the domain in the From: field is the same as the

DKIM Signatures now being applied to IETF Email

2011-07-25 Thread Glen
All - I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. Many thanks to Murray Kucherawy, lead author of OpenDKIM, for doing the work to set up OpenDKIM on the IETF servers and getting it to work. He made the process painless, and

Re: DKIM Signatures now being applied to IETF Email

2011-07-25 Thread Dave CROCKER
On 7/25/2011 1:17 PM, Glen wrote: I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. I'll be presumptuous and speak on behalf of the DKIM operations community, rather than just myself: Cool! Thanks. d/ -- Dave Crocker

Re: DKIM Signatures now being applied to IETF Email

2011-07-25 Thread Hector Santos
Cool beans. Message as verified here. The good thing is that it finally resolved the corruption of distributed original signed mail on the ietf list server with its extra line at the top! Glen wrote: All - I am very pleased to report that the IETF is now applying DKIM signatures to all

Re: DKIM Signatures now being applied to IETF Email

2011-07-25 Thread Hector Santos
But the original destroyed signature from the author is not stripped. Authentication-Results: dkim.winserver.com; dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org; adsp=fail policy=all author.d=isdg.net asl.d=ietf.org (unauthorized signer); dkim=fail (DKIM_SIGNATURE_BAD)

DKIM Signatures now being applied to IETF Email

2011-07-25 Thread Glen
All - I am very pleased to report that the IETF is now applying DKIM signatures to all outgoing list email from mailman. Many thanks to Murray Kucherawy, lead author of OpenDKIM, for doing the work to set up OpenDKIM on the IETF servers and getting it to work. He made the process painless, and