Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On 27 Sep 2010, John R. Levine wrote: > > A reasonable interpretation of the RFC is that "dkim=all" still indicates > > that all mail with no signature is bogus > > No. If that's what we meant, that's what we would have said. I base that on section B.1, which specifically mentions mailing lists a

[ietf-dkim] DKIM reputation service

Hi, If you haven't already seen the announcement, you may be interested to know that Spamhaus are trialling a DKIM based domain reputation service - the DWL. It's being tried alongside an IP address based whitelist, the SWL. To get on to the DWL

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

--On 24 September 2010 20:10:15 -0400 "John R. Levine" wrote: >> It may be tiny, but users will not tolerate the total destruction of >> mailing list traffic, which is the inevitable result of any ADSP use at >> both ends which is sufficent to block actual forgeries (without using >> whitelist

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

Good point. So it's two things, lists should sign outgoing mail, and discard any incoming mail with dkim=discardable. No, they should reject the email at SMTP time. The email is NOT discardable when it arrives at the MLM. Rejection at SMTP time does no harm, and gives the sender an opportunit

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

Ignorance is bliss, I guess, especially when it comes to pontificates. That's what every implementation of DKIM for MTA's, both open source and commercial that I'm aware of does, though some do and don't do the ADSP lookup. News at 11: email is still delivered, with little to no observable impact.

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

> Ignorance is bliss, I guess, especially when it comes to pontificates. > That's what every implementation of DKIM for MTA's, both open source and > commercial that I'm aware of does, though some do and don't do the ADSP > lookup. News at 11: email is still delivered, with little to no observable

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On 09/27/2010 10:38 AM, John R. Levine wrote: >> Ignorance is bliss, I guess, especially when it comes to pontificates. >> That's what every implementation of DKIM for MTA's, both open source and >> commercial that I'm aware of does, though some do and don't do the ADSP >> lookup. News at 11: email

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On 09/27/2010 10:58 AM, Michael Thomas wrote: > On 09/27/2010 10:38 AM, John R. Levine wrote: >>> Ignorance is bliss, I guess, especially when it comes to pontificates. >>> That's what every implementation of DKIM for MTA's, both open source and >>> commercial that I'm aware of does, though some do

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On 27/Sep/10 17:07, John R. Levine wrote: >>> Good point. So it's two things, lists should sign outgoing mail, and >>> discard any incoming mail with dkim=discardable. >> >> No, they should reject the email at SMTP time. The email is NOT >> discardable when it arrives at the MLM. Rejection at SMTP

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On Mon, Sep 27, 2010 at 1:05 PM, Michael Thomas wrote: > On 09/27/2010 10:58 AM, Michael Thomas wrote: >> On 09/27/2010 10:38 AM, John R. Levine wrote: Ignorance is bliss, I guess, especially when it comes to pontificates. That's what every implementation of DKIM for MTA's, both open sou

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of John R. Levine > Sent: Monday, September 27, 2010 10:38 AM > To: Michael Thomas > Cc: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , draft- > vesely-d

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Al Iverson > Sent: Monday, September 27, 2010 11:18 AM > To: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , > draft-vesely-dkim-joint-sigs > > It's

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On 09/27/2010 11:17 AM, Al Iverson wrote: > On Mon, Sep 27, 2010 at 1:05 PM, Michael Thomas wrote: >> On 09/27/2010 10:58 AM, Michael Thomas wrote: >>> On 09/27/2010 10:38 AM, John R. Levine wrote: > Ignorance is bliss, I guess, especially when it comes to pontificates. > That's what every

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote: >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- >> boun...@mipassoc.org] On Behalf Of John R. Levine ... >> It is not my impression that they all do the full DKIM validation while >> the SMTP session is open. Mine doesn't. > > The milt

[ietf-dkim] ADSP Extensions

Michael Thomas wrote: > On 09/27/2010 10:58 AM, Michael Thomas wrote: >> Source is your friend. > > Oh, I see John weaseled from "nobody does that" to the unprovable > "not everybody does that". In any case, John is completely wrong > with his assertion that doing DKIM/ADSP validation at SMTP tim

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

John R. Levine wrote: >> Ignorance is bliss, I guess, especially when it comes to pontificates. >> That's what every implementation of DKIM for MTA's, both open source and >> commercial that I'm aware of does, though some do and don't do the ADSP >> lookup. News at 11: email is still delivered, wit

Re: [ietf-dkim] Authorizing List Domains

On 9/25/10 6:41 AM, Hector Santos wrote: > And it works great with sender/domain policies. Here is a A-R > record examples with the experimental ASL extension: > > This was from a message posted to a list and how a beta tester member > got: > > Authentication-Results: dkim.megabytecoffee.c

Re: [ietf-dkim] Authorizing List Domains

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Douglas Otis > Sent: Monday, September 27, 2010 12:00 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Authorizing List Domains > > The ATPS draft incorrectly assum

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

On Mon, Sep 27, 2010 at 11:39:43AM -0700, Dave CROCKER allegedly wrote: > > > On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote: > >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > >> boun...@mipassoc.org] On Behalf Of John R. Levine > ... > >> It is not my impression that they all do t

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Dave CROCKER > Sent: Monday, September 27, 2010 11:40 AM > To: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , > draft-vesely-dkim-joint-sigs > > It'

[ietf-dkim] I-D ACTION:draft-ietf-dkim-rfc4871bis-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Keys Identified Mail Working Group of the IETF. Title : DomainKeys Identified Mail (DKIM) Signatures Author(s) : D. Crocker, M. Kucherawy, T. Ha

Re: [ietf-dkim] Authorizing List Domains

On 9/27/10 12:10 PM, Murray S. Kucherawy wrote: >> On Monday, September 27, 2010 12:00 PM, Douglas Otis wrote: >> >> The ATPS draft incorrectly assumes two things: >> >> 1) All desired third-party services use DKIM. > For the purposes of the experiment, that seems to be a reasonable assumption >

Re: [ietf-dkim] Authorizing List Domains

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Douglas Otis > Sent: Monday, September 27, 2010 3:02 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Authorizing List Domains > > You have placed TPA information i

Re: [ietf-dkim] Authorizing List Domains

On 9/27/10 3:13 PM, Murray S. Kucherawy wrote: >> On Monday, September 27, 2010 3:02 PM, Douglas Otis wrote: >> >> You have placed TPA information in a domain not below >> "_domainkey.". This increases the response size by 11 >> bytes with a trade-off of making delegations to signing mail provid

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

> That said, there's a lot of agreement that filtering during SMTP is better > than accept-and-then-deal-with-it approaches. (cf. RFC5451, Appendix C) > Unfortunately post-DATA rejection is the only way that can be done, short of > changes to SMTP in the way of yet another extension that would

Re: [ietf-dkim] I-D ACTION:draft-ietf-dkim-rfc4871bis-01.txt

A few nits: In the informative note at the end of sec 3.1, suggest untangling the last two sentences to : For this reason signers SHOULD NOT reuse selectors with new keys, and SHOULD assign a new selector to each new signing key. In 3.2, just above the description of h= there's an extra l

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

> -Original Message- > From: John R. Levine [mailto:jo...@iecc.com] > Sent: Monday, September 27, 2010 8:06 PM > To: Murray S. Kucherawy > Cc: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , draft- > vesely-dkim-joint-sigs > > > That no workable envelope-level DKIM

Re: [ietf-dkim] Authorizing List Domains

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Douglas Otis > Sent: Monday, September 27, 2010 4:19 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Authorizing List Domains As this work isn't specifically withi