Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Scott Kitterman
On Tuesday, May 05, 2015 11:00:43 PM Hector Santos wrote: > On 5/5/2015 7:55 PM, Scott Kitterman wrote: > > On Tuesday, May 05, 2015 02:24:19 PM Hector Santos wrote: > >> You don't even have to say "universally useful." All that does is > >> keeps possible implementators away. It can be very use

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Hector Santos
On 5/5/2015 7:55 PM, Scott Kitterman wrote: On Tuesday, May 05, 2015 02:24:19 PM Hector Santos wrote: You don't even have to say "universally useful." All that does is keeps possible implementators away. It can be very useful to some and to them, its universal. It depends on the type of m

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Scott Kitterman
On Tuesday, May 05, 2015 02:24:19 PM Hector Santos wrote: > On 5/5/2015 2:01 PM, Murray S. Kucherawy wrote: > > On Tue, May 5, 2015 at 10:33 AM, Scott Kitterman > > > > wrote: > > Wrapping a 'somebody else's problem field' around the registration > > piece of

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Douglas Otis
On 5/5/15 1:24 PM, John R Levine wrote: >> John’s proposal changes DKIM but also requires additional >> changes in DMARC to respect the changes that were made to >> DKIM when doing alignment (the @fs=domain is more or less >> the same as the Original-To below). ... > > It's not supposed to. The

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread John R Levine
It's not supposed to. The decision about whether a DKIM signature that depends on a chained signature is valid is supposed to happen entirely within the updated DKIM module. DMARC just uses that result. I assume the DKIM module is able to look at all of the DKIM signatures on a message and repo

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread John R Levine
I interpreted John's proposal to mean a DKIM verifier would not pass a signature with "@fs=" unless it was also accompanied by a signature from the "fs" domain. Thus, the modified result logic is completely within the DKIM module, which DMARC then consumes. It's a much cleaner separation of func

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Murray S. Kucherawy
On Tue, May 5, 2015 at 1:17 PM, Terry Zink wrote: > > > What advantage does this have over John's proposal? It actually looks > more c > > complicated to me, because it spans the divide between DKIM and DMARC. > John's > > proposal is completely contained within DKIM. > > > John’s proposal chang

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Murray S. Kucherawy
On Tue, May 5, 2015 at 1:24 PM, John R Levine wrote: > John’s proposal changes DKIM but also requires additional changes in DMARC >> to respect the changes that were made to DKIM when doing alignment (the >> @fs=domain is more or less the same as the Original-To below). ... >> > > It's not suppos

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Terry Zink
Hmm, okay. I need to think through what I wrote a little more, then. I think I misunderstood somewhat your proposal. -- Terry -Original Message- From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of John R Levine Sent: Tuesday, May 5, 2015 1:24 PM To: Terry Zink Cc: dmarc@ietf.org Sub

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Terry Zink
> You're either saying this change belongs in DKIM (which then ascribes special > meaning to this kind of signature combination, or to "v=2" signatures, or > something), > or you're leaving DKIM alone and saying that the analysis logic appears in > DMARC. I want to rescind my DKIM v=2 and put the

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread John R Levine
John’s proposal changes DKIM but also requires additional changes in DMARC to respect the changes that were made to DKIM when doing alignment (the @fs=domain is more or less the same as the Original-To below). ... It's not supposed to. The decision about whether a DKIM signature that depends

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Murray S. Kucherawy
On Tue, May 5, 2015 at 12:28 PM, Terry Zink wrote: > From: Joe User > *** To: fr...@hotmail.com > Original-To: b...@birdwatchers.org > *** Subject: [BIRDWATCHERS] Hi, I'm Joe from the northeast![...] > DKIM-Signature: v=1; d=yahoo.com; > h=from:date:subject:to:mime-version:message-id:content-t

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Terry Zink
What about some variant of the following using a revised version of John Levine's conditional DKIM (@fs=) draft? Here's the scenario. Joe User is an avid birdwatcher and joins the Birdwatchers in the northeast discussion group, b...@birdwatchers.org. He sends a mes

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Murray S. Kucherawy
On Tue, May 5, 2015 at 11:55 AM, John Levine wrote: > > Not so good, since there are lists that do't have list-id and spam > that does. > > There's a large class of approaches that either require registration, > the various third party signers, or would likely work better with it > like my double

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Hector Santos
On 5/5/2015 2:26 PM, Douglas Otis wrote: Dear Murray and Hector, ,-- DMARC could make an assertion of "sam=tpa; and tpa=third-party-authority.example.com;" when the DMARC domain offers the Specific Advisory Methods "sam=" tag indicating the third-party advisory methods supported. The "tpa=" t

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread John Levine
>Is it sufficient to say something like this?: > >"A participating operator needs to solve the registration problem. >Different operators will have different capabilities, requirements, and >limitations here. So far so good. > A very simple approach would be ; Not so good, since there are lists

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Douglas Otis
On 5/5/15 11:01 AM, Murray S. Kucherawy wrote: > On Tue, May 5, 2015 at 10:33 AM, Scott Kitterman > wrote: > >> Wrapping a 'somebody else's problem field' around the registration piece >> of this doesn't make it any more feasible. >> > Is it sufficient to say something like this?: > > "A partici

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Hector Santos
On 5/5/2015 2:01 PM, Murray S. Kucherawy wrote: On Tue, May 5, 2015 at 10:33 AM, Scott Kitterman mailto:skl...@kitterman.com>> wrote: Wrapping a 'somebody else's problem field' around the registration piece of this doesn't make it any more feasible. Is it sufficient to say something li

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Murray S. Kucherawy
On Tue, May 5, 2015 at 10:33 AM, Scott Kitterman wrote: > Wrapping a 'somebody else's problem field' around the registration piece > of this doesn't make it any more feasible. > Is it sufficient to say something like this?: "A participating operator needs to solve the registration problem. Diff

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Hector Santos
On 5/5/2015 1:33 PM, Scott Kitterman wrote: On May 5, 2015 1:25:43 PM EDT, Hector Santos wrote: The main point would be that DSAP protocols can still be completed making the registration part out of scope. It would be part of the publishing and adoption, migration section as a short or long p

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Scott Kitterman
On May 5, 2015 1:25:43 PM EDT, Hector Santos wrote: > >On 5/5/2015 12:50 PM, Scott Kitterman wrote: > >> On May 5, 2015 12:16:16 PM EDT, "Stephen J. Turnbull" > wrote: >>> But the main point that everybody is missing is that we *do not* >need >>> to deal with the "registration problem" in this WG

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Hector Santos
On 5/5/2015 12:50 PM, Scott Kitterman wrote: On May 5, 2015 12:16:16 PM EDT, "Stephen J. Turnbull" wrote: But the main point that everybody is missing is that we *do not* need to deal with the "registration problem" in this WG because the information to register a substantial fraction of mai

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Douglas Otis
On 5/4/15 4:20 PM, Franck Martin wrote: > - Original Message - >> From: "Stephen J. Turnbull" >> To: "Kurt Andersen" >> Cc: dmarc@ietf.org, "Murray S. Kucherawy" , "Franck >> Martin" >> Sent: Saturday, May 2, 2015 9:56:44 AM >> Subject: Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS su

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Murray S. Kucherawy
On Tue, May 5, 2015 at 9:50 AM, Scott Kitterman wrote: > >But the main point that everybody is missing is that we *do not* need > >to deal with the "registration problem" in this WG because the > >information to register a substantial fraction of mailing lists is > >distributed in the related mai

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Scott Kitterman
On May 5, 2015 12:16:16 PM EDT, "Stephen J. Turnbull" wrote: >Franck Martin writes: > > > I did not want to burn your proposal, sorry if it passed like > > this. I just wanted to make a comment, from personal observations, > > that non-mailing list related emails have list-id too. > >I made the s

Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

2015-05-05 Thread Stephen J. Turnbull
Franck Martin writes: > I did not want to burn your proposal, sorry if it passed like > this. I just wanted to make a comment, from personal observations, > that non-mailing list related emails have list-id too. I made the same observation from a theoretical point of view, so I have no problem