On 5/28/2014 9:47 PM, Arvel Hathcock wrote:

Anything that requires mailing list software to change won't work.  If
mailing list software is changed, the right answer is for the mailing
list to re-sign the message.  That doesn't help the DMARC situation
now, but DMARC could be given other options once that happens.

That's right.  But maybe there could be a multipart/dkim type that
lets several signatures exist in a message - all of which could
potentially verify with different d=.  Then the list only needs to
sign what it adds to the end somehow and it leaves the rest of the
message alone.  Seems like we went over this way back years ago but
I'm old now :)


Yup, and the solution was policy. The problem is this group wants to skip doing any kind of policy lookup.

We are also list developers. We don't have a free rein on re-signing mail without permission, if any. It's irresponsible. It has to follow a policy framework. All software has to follow it. List systems are not the exception. No re-signer is an exception and trying to get around this has not worked.

Keep it simple -- look up policy.

But DMARC lacks 3rd party semantics, so you need extensions and that was done with ATPS for ADSP. See the wizard that supports it for ADSP and now a new beta using DMARC:

http://www.winserver.com/public/wcADSP
http://www.winserver.com/public/wcDMARC

You can easily add ATPS support to your DKIM C/C++ library.

--
HLS

