On Tue 28/Jun/2022 15:33:01 +0200 Dave Crocker via mailop wrote:
On 6/28/2022 3:32 AM, Alessandro Vesely via mailop wrote:
I agree that would've been better than ARC. However, it'd still need to know
which recipients are mailing list supporting DKIMv2 and operate accordingly.
For example, on a reply-all the MSA should split the message and sign it
regularly for regular recipients and conditionally for MLs.
1. What do you mean by DKIMv2?
I seemed to recall that John's conditional-signatures required a version bump.
Now I looked at the draft again and it doesn't mention v2.
2. What features of v2 are relevant here and where are they in the spec?
The point, IIRC, was to set a mandatory tag, !fs=, which cannot be ignored.
3. How is an MSA to know, reliably and accurately, the difference between
'regular recipients' and MLs?
Eh, that's a good question. Vsevolod suggests a Merkle tree. Any database
would do, but databases don't seem to be part of the typical MTA tools.
The other side of the question is how do they obtain the relevant data. Once I
fantasized about a sort of extended opt-in protocol that involved the user's
MX. MSAs having a per-user list of subscribed MLs would have several
advantages, and the disadvantage of decreased user privacy.
Perhaps the opposite is more workable, MLs having a per-subscriber list of MTA
capabilities. That way they'd know which MTA trusts their ARC sealing and can
skim From: munging.
4. What do you mean by 'conditional' signing?
You certainly recall John's conditional signatures. DMARC WG talked a lot
about them in 2014, before ARC.
https://datatracker.ietf.org/doc/html/draft-levine-dkim-conditional
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
