On Sunday, May 10, 2015 01:33:48 AM Anne Bennett wrote:
Hmm, Hector, I think you've forced me to convince myself that you're
on the right track: I think that the registration problem is a red
herring after all. There's no deterministic way to decide what's a
legitimate mailing list (or other
On Sat, May 9, 2015 at 10:33 PM, Anne Bennett a...@encs.concordia.ca
wrote:
Hmm, Hector, I think you've forced me to convince myself that you're
on the right track: I think that the registration problem is a red
herring after all. There's no deterministic way to decide what's a
legitimate
On Sat, May 9, 2015 at 10:33 PM, Anne Bennett a...@encs.concordia.ca
wrote:
Hmm, Hector, I think you've forced me to convince myself that you're
on the right track: I think that the registration problem is a red
herring after all. There's no deterministic way to decide what's a
legitimate
I suppose the tl;dr version of my last reply is:
The registration problem is not a red herring because it doesn't exist, but
because it
is intractable. Thus, any response to the third-party problem that relies on
a solution
to that problem (which includes ATPS, DSAP, and TPA) is
On Sun, May 10, 2015 at 7:05 AM, Anne Bennett a...@encs.concordia.ca
wrote:
But I think that some of the re-signing schemes being proposed at
the moment do *not* require this type of registration, so in those
cases, the registration problem wouldn't apply. If A is not signing
B's mail, but
Murray S. Kucherawy writes:
That means any actor inside A can sign mail that claims to come
from B. So if A is compromised, B is hosed. The Bs of the
world tend not to be so thrilled with this.
I think only Hector and Douglas would argue with you, and I predict
they will. Let's agree to
Remember the key axiom of mail reputation: you cannot say good things
about yourself, only neutral or bad things. ...
This is an interesting observation when compared to DKIM and SPF, where you
only actually know something about the message when they report a pass.
But that's authentication,
On Sun, May 10, 2015 at 10:40 AM, Stephen J. Turnbull step...@xemacs.org
wrote:
This How do we populate the set? is the registration problem.
There are some implicit safely and at scale adverbs in there
too, just for flavor.
Sure, but even with the adverbs it's not a problem for
On May 10, 2015 11:55:22 AM EDT, Stephen J. Turnbull step...@xemacs.org
wrote:
Scott Kitterman writes:
Yahoo, for example, already consider the impact of this and other
breakage to be less than the benefit of p=reject.
True, but the benefit of p=reject is huge: Yahoo! claims malicious
Anne Bennett writes:
But if I understand correctly, it's being suggested that for
various proposals made here to work, either the sender's mail
system or the final receiver's mail system would have to become
aware of all
All has been asserted. Why it needs to be all has not been
On Sun, May 10, 2015 at 9:53 AM, John Levine jo...@taugh.com wrote:
Under at least one of the proposals, it can be determined that yes, A
signed the mods, and if the mods are removed to re-generate the original
message, B signed the original message. If we have that, then I think
the
On 5/9/2015 3:01 PM, Scott Kitterman wrote:
On May 9, 2015 1:13:15 PM EDT, Hector Santos hsan...@isdg.net wrote:
Your bar is too unrealistically high for typical IETF project work that
is still in the experimental stages. You should be thankful, we
didn't apply this bar to the SPF experiment.
On 5/10/2015 2:14 AM, Murray S. Kucherawy wrote:
On Sat, May 9, 2015 at 10:33 PM, Anne Bennett a...@encs.concordia.ca
mailto:a...@encs.concordia.ca wrote:
Hmm, Hector, I think you've forced me to convince myself that you're
on the right track: I think that the registration problem is a
Michael Jack Assels writes:
A domain SHOULD NOT publish a p=reject policy if it will emit mail
intended to be mediated with modifications by another domain unless
the mediating domain is exempted from the policy by [fill in the
eventually approved mechanism(s)].
That won't
Scott Kitterman writes:
Yahoo, for example, already consider the impact of this and other
breakage to be less than the benefit of p=reject.
True, but the benefit of p=reject is huge: Yahoo! claims malicious
mailflows of more than a million messages per minute disappeared like
magic when they
The registration problem is not a red herring because it doesn't
exist, but because it is intractable. Thus, any response to the
third-party problem that relies on a solution to that problem
(which includes ATPS, DSAP, and TPA) is probably not viable.
I agree.
But I think that some of the
16 matches
Mail list logo
