> Given that lists are expected to (A) continue making content changes, and (B) 
> continue accepting all comers, I think we need to embrace From Rewrite as a 
> necessary consequence of A and B.  Unlike Hector, I don't have a problem 
> with From Rewrite because the act of altering the content makes it a new 
> message, and the modifying entity becomes responsible for the whole thing.
> So we need a caveat to list owners which lays out the real risks and the 
> better alternatives.


Douglas,

Just a few points.

It is more accurate to state, "Unlike others," because I am not the only one 
who has a problem with altered mail authorship, and worse, when done for the 
purpose of a security teardown it potentially introduces a new security threat 
with Display Name attacks.  I believe I am “IETF” correct to raise this 
security concern where IETF security folks would agree.
 
It is often stated that it is unfair to MLS/MLM folks who have worked unchanged 
for over 30+ years to be required to change.  Please understand I have had a 
commercial MLS product since 1996 and I don’t like changes just like the next 
MLS developer. I’m extremely conservative but I do adapt when necessary. My 
MLS is a legacy product but it is still actively supported. 

Well, for the MLS or MLM refusal to adopt the protocol, the refusal to adopt 
measures known to resolve the DKIM secured with Policy mail stream, caused an 
immediate need by one MLM to create a hack to alter list submissions from 
restrictive domains. It resolved the immediate problem. The MLM could have 
adopted subscription/submission controls as outlined in 2006 and discussed many 
times in the WGs. It was not unknown. These correct methods would have pushed 
the burden back to the domain seeking exclusive mail security once they began 
to publish and honor p=reject. The MLM could have supported any of the many 
ADID::SDID association authorization proposals too, but it did not. So here we 
are with the DMARC rewrite problem which, in my view, needs to be explained and 
corrected. 

The "new message" angle is one view, but not the definitive one to suggest it 
is okay to alter list submission copyrighted authorships. It is not a normal 
thing to do, but what you can do as an MLS/MLM developer depends widely on the 
type of list distribution. If you are just broadcasting to a list of people as 
a read-only list, then the preparation of required headers is a legitimate 
instance where it completes a new secured message with the proper secured 
business addresses.


—
HLS

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
