On Sun, Apr 20, 2025 at 4:10 AM Alessandro Vesely <[email protected]> wrote:
> On Sat 19/Apr/2025 18:51:38 +0200 Allen Robinson wrote:
> > On Sat, Apr 19, 2025, 9:02 a.m. Alessandro Vesely <[email protected]> wrote:
> > [...]
> > * I base64 decoded this MIME part.
> > * I inserted bytes N-M
> > * I trimmed the text "foobar" starting at byte N
> > * I base64 encoded the MIME part
>
> I would prefer to use a class of "good" transformations, such as the
> subject, footer, mimeify, add-part and mime-wrap of
> draft-kucherawy-dkim-transform,

I also like the idea of mime part algebra as an addition to text algebra to remove the need to do base64 transformation. +1 to looking more into draft-kucherawy-dkim-transform. I don't understand your earlier concern around quoted printable and algebra.

> and one "complex" transformation to be defined on a byte-by-byte basis.

Can you expand what you mean by this?

> [...]
> >> If verifiers can't judge how acceptable a change is, change tracking
> >> will be relegated to forensic analysis. That means we won't be able to
> >> distinguish mailing lists from spammers and replayers, and we won't
> >> have solved anything.
> >
> > I disagree, or maybe I'm working with a different idea of what forensic
> > analysis means. Doing content filtering at SMTP transaction time based on
> > the results of authentication checks is certainly possible without the
> > authentication mechanism being able to decide whether the content is
> > malicious or not.
>
> "Malicious" is a misnomer here. The characteristic of the "good"
> transformations above is that they are attributable to a typical mailing
> list transformation; that is, non-invasive and respectful of the original
> content. If the verifier can determine this, it can override dmarc=fail.
>
> If the transformation is a complete replacement of the body, a dmarc=fail
> deserves to be rejected, according to policy.

It's risky to throw around subjective terminology that's very similar to the notion of "trust" i.e. "good transformations".

I think the "algebra" concept is more helpfully thought of as identifying which of the content is created by whom and not worrying which mutation happened.

-Wei
