On Tue, Oct 22, 2013 at 01:56:25PM -0400, Scott Rose wrote:
> We submitted an Internet-Draft on using a new DNS RRType to signal
> that all email coming from the domain will be signed (proposed type
> is called SMIMELOCK). So that when a client receives an email that
> lacks a SMIME signature from a domain with the SMIMELOCK RR, it
> could be marked as suspect. The draft is at:
> https://datatracker.ietf.org/doc/draft-srose-smimelock/

Since the intended target of this record is the MUA, how do you
propose to deal with "saved" email (that is, email that did not
"just arrive")? What happens when a message is first retrieved by
the MUA from an IMAP server long after it is delivered to the
mailbox?

Does the policy apply to the:

- Envelope sender domain?
- RFC2822.From domain?
- RFC2822.Sender domain?
- DKIM signer domain?

What is the interaction with "Resent-From" and/or "Resent-Sender"?

What is the treatment of mail sent to a public list (and modified
by the list adding a footer, ...)?

I think the value of this effort will be marginal at best. There
are, I think, too many corner cases to make the "all" value practically
reliable. There's not much point in "partial" or "none".

Problem areas:

    Outsourced email marketing,
    Outsourced Benefits providers,
    Public mailing lists,
    Resent mail,
    Stored mail,
    ...
--
Viktor.
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
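
The ambiguity raised in the questions above, as an added example that is not part of the original message or of the draft: for one list-relayed message, each identity named in the reply yields a different domain at which a client could look for a policy record. The message, addresses and function names are constructed for illustration, and no assumption is made about which identity the draft intends.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message relayed by a mailing list (all names are made up).
ENVELOPE_SENDER = "dane-bounces@lists.example.net"
RAW = """\
From: Alice <alice@corp.example>
Sender: dane-bounces@lists.example.net
Resent-From: bob@forwarder.example
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=sel1; h=from:subject; bh=...; b=...
Subject: [list] hello
Content-Type: text/plain

Body text
-- list footer added in transit
"""

def domain_of(addr):
    """Lower-cased domain of an address header value, or None if absent."""
    mailbox = parseaddr(addr or "")[1]
    return mailbox.rpartition("@")[2].lower() if "@" in mailbox else None

def dkim_domain(value):
    """The d= tag of a DKIM-Signature header value, or None."""
    for tag in (value or "").split(";"):
        name, _, val = tag.partition("=")
        if name.strip() == "d":
            return val.strip().lower()
    return None

def candidate_domains(raw, envelope_sender):
    """Map each identity from the reply to the domain it would select."""
    msg = message_from_string(raw)
    return {
        "envelope": domain_of(envelope_sender),
        "from": domain_of(msg["From"]),
        "sender": domain_of(msg["Sender"]),
        "resent-from": domain_of(msg["Resent-From"]),
        "dkim": dkim_domain(msg["DKIM-Signature"]),
    }

def is_smime_signed(raw):
    """True if the top-level MIME type says the message carries an S/MIME signature."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "pkcs7-signature" in (msg.get_param("protocol") or "")
    return "pkcs7-mime" in ctype and msg.get_param("smime-type") == "signed-data"
```

For the sample, `candidate_domains` returns four distinct domains and `is_smime_signed` is false, so whether the message counts as "suspect" depends entirely on which domain's policy is consulted.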