Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Scott Kitterman
On April 14, 2015 6:58:11 AM EDT, Stephen J. Turnbull step...@xemacs.org wrote: Scott Kitterman writes: Far more concerning to me is that once someone has received a message with a valid 'weak' signature, the only protection against replay is Message ID tracking. I don't understand the

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Stephen J. Turnbull
Scott Kitterman writes: Far more concerning to me is that once someone has received a message with a valid 'weak' signature, the only protection against replay is Message ID tracking. I don't understand the attack you have in mind. First, do you mean the Mediator identified in the fs= tag

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Stephen J. Turnbull
Scott Kitterman writes: Keeping in mind that one of the advantages of this approach is not needing to keep a real time list of mediator addresses users in your domain might send to, to make this work at scale, I think the fs= signature has to be put on all messages. I don't think so. I

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Hector Santos
On 4/14/2015 12:53 PM, Douglas Otis wrote: Dear Scott and Hector, DMARC offers feedback to help identify where a listing is needed. This list can be placed in DNS using hash labels and TSIG, for example. Sure Doug, yes, there are ways to automate this. The feedback is there and scripts can

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Scott Kitterman
On Wednesday, April 15, 2015 01:04:34 AM Stephen J. Turnbull wrote: Scott Kitterman writes: 8 bit to 7 bit transformations are also not rare. In the header? I guess with RFC 6532 that could happen frequently (but those folks are likely to be in trouble with DKIM anyway for the

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Terry Zink
On the other hand for other companies, Yes, I believe it is very feasible and manageable. So, maybe I'm missing something here on the idea of TPA and registration of mailing lists (in DNS), and mentioning Google Groups and how they can figure it out... but not every emailer controls the DNS

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Stephen J. Turnbull
Scott Kitterman writes: 8 bit to 7 bit transformations are also not rare. In the header? I guess with RFC 6532 that could happen frequently (but those folks are likely to be in trouble with DKIM anyway for the foreseeable future). Really, isn't the question whether Yahoo! and AOL are

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Scott Kitterman
On April 14, 2015 6:44:32 PM EDT, Hector Santos hsan...@isdg.net wrote: On 4/14/2015 5:43 PM, Scott Kitterman wrote: We should not expect anything different for a domain finding its network of signers. If it doesn't know its list of signers, then it just registers what it can and creates a

[dmarc-ietf] Fwd: WG Action: Formed Domain Boundaries (dbound)

2015-04-14 Thread Murray S. Kucherawy
Colleagues, The DBOUND working group has officially formed. We will be working on the question of what to do about our concerns with the Public Suffix List, which is an important component of DMARC, so it's relevant here. The chairs will be announcing to that list soon what our plan of attack

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Scott Kitterman
On Tuesday, April 14, 2015 10:44:39 PM Stephen J. Turnbull wrote: Scott Kitterman writes: Keeping in mind that one of the advantages of this approach is not needing to keep a real time list of mediator addresses users in your domain might send to, to make this work at scale, I think the

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Murray S. Kucherawy
On Tue, Apr 14, 2015 at 1:24 PM, Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote: Remembering to what great lengths the ietf-dkim group went to make sure that every bit of a message was covered by the signature (and with the l= discussions in mind) I would really be surprised if adding

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Scott Kitterman
On April 14, 2015 3:13:36 PM EDT, Hector Santos hsan...@isdg.net wrote: On 4/14/2015 2:09 PM, Douglas Otis wrote: On 4/14/15 10:12 AM, Terry Zink wrote: That's what we mean when we say it doesn't scale. Dear Terry, TPA-Label operates within its own sub-domain. This sub-domain can be

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Hector Santos
On 4/14/2015 3:03 PM, Terry Zink wrote: Hi, Doug, TPA-Label operates within its own sub-domain. This sub-domain can be delegated or use DNAME. How is the scaling issue really worse than the changes currently required for SPF? In fact, SPF often entails more DNS transactions per use When I

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Hector Santos
On 4/14/2015 2:09 PM, Douglas Otis wrote: On 4/14/15 10:12 AM, Terry Zink wrote: That's what we mean when we say it doesn't scale. Dear Terry, TPA-Label operates within its own sub-domain. This sub-domain can be delegated or use DNAME. This means this information can be handled by an

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Murray S. Kucherawy
On Tue, Apr 14, 2015 at 12:03 PM, Terry Zink tz...@exchange.microsoft.com wrote: Getting someone to add anything to DNS doesn't work well [3] unless it is automated because the majority of people that I work with in the customer space don't feel comfortable managing DNS; it is rare that I

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Murray S. Kucherawy
On Tue, Apr 14, 2015 at 7:56 AM, Stephen J. Turnbull step...@xemacs.org wrote: If I misunderstood the proposal and it requires someone to be keeping a list of mailing lists used (either globally or by individual users), then I think this is not a good idea at all. I don't think any

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Rolf E. Sonneveld
On 04/14/2015 09:15 PM, Murray S. Kucherawy wrote: On Tue, Apr 14, 2015 at 8:25 AM, Scott Kitterman skl...@kitterman.com wrote: I haven't reviewed this in detail, so I've no opinion. I was talking about this proposal. Not getting fancy with MIME parts

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread Hector Santos
On 4/14/2015 5:31 PM, Murray S. Kucherawy wrote: On Tue, Apr 14, 2015 at 1:24 PM, Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote: Remembering to what great lengths the ietf-dkim group went to make sure that every bit of a message was covered by the signature (and with the l= discussions

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Hector Santos
On 4/14/2015 5:43 PM, Scott Kitterman wrote: We should not expect anything different for a domain finding its network of signers. If it doesn't know its list of signers, then it just registers what it can and creates a relaxed DMARC policy. Which is completely orthogonal to the question.

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Douglas Otis
On 4/14/15 2:43 PM, Scott Kitterman wrote: On April 14, 2015 3:13:36 PM EDT, Hector Santos hsan...@isdg.net wrote: On 4/14/2015 2:09 PM, Douglas Otis wrote: On 4/14/15 10:12 AM, Terry Zink wrote: That's what we mean when we say it doesn't scale. Dear Terry, TPA-Label operates within its

Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

2015-04-14 Thread MH Michael Hammer (5304)
I've been following the thread(s) regarding how to enable 3rd parties where a formal relationship doesn't exist and this reinforces my thought that it is ultimately easier systemically (even allowing for the arguments that it is unfair) for intermediaries to take ownership of messages they

Re: [dmarc-ietf] Publishing and Registration Concerns

2015-04-14 Thread Hector Santos
On 4/14/2015 1:47 PM, Murray S. Kucherawy wrote: It's not marketing to decide to abandon a protocol that nobody will actually use. Why do you keep repeating this when you know it is not true? We used it in real commercial products and it works as designed. It has scaled for us. Rather,