-1
---
Sent from my mobile phone
On Jul 10, 2011, at 3:58 AM, Michael Deutschmann mich...@talamasca.ocis.net
wrote:
On Sun, 10 Jul 2011, Hector Santos wrote:
Now of course, if ADSP was a standard and whitehouse.com had an
exclusive signing policy, receivers would of rejected the junk
-Original Message-
From: John Levine [mailto:jo...@iecc.com]
Sent: Thursday, July 07, 2011 6:22 PM
Will your assume one more From than listed in h= lead to failed
verifications on messages that actually follow the advice in the RFC to
list duplicate headers in their h= values?
Will your assume one more From than listed in h= lead to failed verifications
on messages that actually follow the advice in the RFC to list duplicate
headers in their h= values?
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On
On Apr 3, 2011, at 5:12 PM, Dave CROCKER wrote:
OK. So the capability exists, but people choose not to use it. Some people
in
fact choose to disable this capability; note that a) ADSP is an add-on, not
the
DKIM core, and b) the actual uptake of ADSP on the receive side is not known
On Apr 4, 2011, at 12:09 AM, John Levine wrote:
If there is a reason why people aren't able to use a d= domain per
stream, I wish someone would explain in simple terms that even a
dimwit like me can understand.
The only arguments I'm aware of is that hostile or incompetent DNS
managers
I believe the context for your earlier comments that I responded to was the
discussion about deprecating i= and/or adding a new st= tag. I hope my
comments were not interpreted as supporting either of those changes. That was
not my intention.
On Apr 4, 2011, at 10:47 AM, John R. Levine
On Mar 30, 2011, at 11:49 PM, Jim Fenton wrote:
. Goodmail ..
. .
V V
Client - Mail - Transfer - Service - Receiver - Recipient
Goodmail interacted with the creator
On Mar 2, 2011, at 3:19 AM, Michael Deutschmann wrote:
On Tue, 1 Mar 2011, MH Michael Hammer wrote:
The display name is problematic as Mr. Crocker has pointed out. One
solution to this which I have suggested in the past is to not display
the display name in the MUA if the email fails to
, 2011, at 6:30 PM, Murray S. Kucherawy wrote:
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
On Behalf Of McDowell, Brett
Sent: Tuesday, January 11, 2011 2:33 PM
To: ietf-dkim@mipassoc.org WG
Subject: [ietf-dkim] RFC4871
(if this doesn't belong on this list, please let me know)
RFC 4871 states:
h= Acceptable hash algorithms (plain-text; OPTIONAL, defaults to
allowing all algorithms). A colon-separated list of hash
algorithms that might be used. Signers and Verifiers MUST
support the
It was my understanding that the MLM BCP was intended to inform MLM operators
of what they should do with DKIM-signed mail. Since that is the critical
question, I would assert we need rough consensus on the answer to that question
before issuing a WGLC on the document. I do not believe we
On Sep 15, 2010, at 12:11 AM, Murray S. Kucherawy wrote:
Based on that (rather precise) description, aren't ADSP's requirements a
proper subset of the DKIM requirements? If so, I'm not sure I agree with
badly conflicting, but it does frame future discussion quite nicely.
For example, if
On Sep 15, 2010, at 11:02 AM, Jeff Macdonald wrote:
On Wed, Sep 15, 2010 at 10:43 AM, McDowell, Brett
bmcdow...@paypal-inc.com wrote:
On Sep 15, 2010, at 12:11 AM, Murray S. Kucherawy wrote:
Based on that (rather precise) description, aren't ADSP's requirements a
proper subset
(sorry Stephen, but I had to reply to this one)
On Sep 15, 2010, at 12:01 PM, Steve Atkins wrote:
That seems aligned with Steve's point about DKIM's value coming (only?) when
the d= value is not the same as the domain-name in the from: field. So
according to you (and Steve?) the IETF
On Sep 14, 2010, at 9:15 AM, Hector Santos wrote:
Ian Eiloart wrote:
If the MLM owner knowingly breaks a signature, and either discards the
message or forwards it into a system that is likely to discard it, and do
not notify the sender, then the forwarder must be responsible for any harm
On Sep 14, 2010, at 10:32 AM, John R. Levine wrote:
It does not mean low value mail and I don't think you will find a
sending mplementing dkim=discardable that would agree with you.
Then in the RFC we utterly failed to make it clear what dkim=discardable
means. Sigh.
Once again, we see
On Sep 14, 2010, at 11:13 AM, John R. Levine wrote:
I agree with Mike's assessment.
I remain unable to reconcile this is very important and throw it away
applied to the same message.
Scott nailed it when he said: This means they view the risks of having
legitimate
mail discarded as
On Sep 13, 2010, at 5:30 PM, Douglas Otis wrote:
On 9/13/10 1:03 PM, McDowell, Brett wrote:
The ADSP=discardable deployer is not conveying apathy regarding the
deliverability of their mail, quite the opposite IMO. They are saying (to
paraphrase) please attempt to verify the DKIM
...and implement what you think should work before making an issue of it in
IETF.
That's been my #1 lesson this year (I'm new to IETF). I originally was
actually worried about blowback by the community if a large entity like
ourselves and few other household names just went off and deployed
On Sep 13, 2010, at 10:10 AM, John R. Levine wrote:
What ADSP users want is irrelevant. This is about what MLMs want (which is
most likely to ensure that submitted messages reach the whole of their
list without problems).
Right. The easiest way to do so, assuming you believe that enough
On Sep 4, 2010, at 9:31 PM, Steve Atkins wrote:
The whole point of rotating keys is so that loss of an old private key
isn't a risk. Given that, I think that even if you're fairly sure that a key
pair hasn't been compromised then you should remove the public
key as soon as is reasonable after
On Sep 9, 2010, at 2:26 PM, Steve Atkins wrote:
On Sep 9, 2010, at 11:12 AM, McDowell, Brett wrote:
I'd be surprised to discover many senders are rotating keys every eight days.
I didn't suggest rotating keys every eight days. Rather, I suggested leaving
the public keys in place for 8
On May 20, 2010, at 10:09 AM, MH Michael Hammer (5304) wrote:
If Brett or anyone else has data points that would impact the decision
as to whether the group sticks to a Lists BCP discussion based on
current practice/implementations or sets that aside to modify ADSP, now
is the time to present
On May 10, 2010, at 2:01 PM, Murray S. Kucherawy wrote:
http://datatracker.ietf.org/doc/draft-kucherawy-dkim-lists/
Would the WG like to bring it in and make it a WG document? If so, I
volunteer to act as editor.
I'm an IETF newbie, so correct me if I'm wrong. But it seems you are
On May 3, 2010, at 11:06 AM, MH Michael Hammer (5304) wrote:
And it is easy enough to do F2F in a manner that does not break the
authentication-based service.
How?
-- Brett
___
NOTE WELL: This list operates according to
On Apr 29, 2010, at 9:06 PM, John Levine wrote:
I just don't see how you can simultaneously say throw away unsigned
mail and don't throw away unsigned mail if a list says it used to be
signed unless you have some way to identify trustworthy lists.
Precisely! The key phrase being unless you
On Apr 30, 2010, at 5:30 AM, Ian Eiloart wrote:
--On 29 April 2010 10:58:44 -0600 McDowell, Brett bmcdow...@paypal.com
wrote:
On Apr 28, 2010, at 2:11 PM, John R. Levine wrote:
Your proposal that MLM remove Signatures would cause restrictive
policies to fail.
Which is why I oppose
On Apr 30, 2010, at 10:23 AM, Michael Thomas wrote:
On 04/30/2010 07:05 AM, McDowell, Brett wrote:
In that scenario, if the MLM re-signing solution has been deployed by Y, and
DKIM+ADSP has been deployed by X Z, and Z has chosen to take action on X's
ADSP policies... the only thing Z
On Apr 30, 2010, at 2:24 PM, John Levine wrote:
We need to be precise about what we mean by trustworthy. Even if I
have some way to identify trustworthy lists as you put it above, I
have to be very clear about what I'm actually trusting that list to do.
When I sign up for a list, I
On Apr 30, 2010, at 2:31 PM, John Levine wrote:
Even with your discardable adsp setting, it becomes a
matter of the order of checks at the receiver's gate (eg, whitelist
first, then adsp...)
But since mailbox providers already manage reputation at scale, how much
of a burden is adding this
On Apr 30, 2010, at 1:38 PM, Alessandro Vesely wrote:
On 30/Apr/10 12:13, Ian Eiloart wrote:
--On 28 April 2010 11:02:53 -0400 MH Michael Hammer (5304)
mham...@ag.com wrote:
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP
On Apr 30, 2010, at 12:28 PM, Jeff Macdonald wrote:
I'm willing to go from a world where any system can use my From to one
where only the systems I say can. And that means changes.
That's an example of the problem in using the term: Much discussion about
DKIM presume far more end-to-end
On Apr 28, 2010, at 2:11 PM, John R. Levine wrote:
Your proposal that MLM remove Signatures would cause restrictive
policies to fail.
Which is why I oppose this proposal.
Indeed. I'm assuming that any list that paid attention to ADSP would sign
its outgoing mail and would expect its
Gentlemen...
There has *not* been a report of any misconfiguration on paypal.com. The
report, which I've taken off-list and am actively chasing down, actually *may*
indicate that gmail is not consistently blocking broken DKIM signatures from
paypal.com (which our ADSP asks and they have
(oops, sorry, it was an issue Al raised, not John... in any event here's my
answer)
On Apr 29, 2010, at 1:23 PM, Al Iverson wrote:
On Thu, Apr 29, 2010 at 11:58 AM, McDowell, Brett bmcdow...@paypal.com
wrote:
On Apr 28, 2010, at 2:11 PM, John R. Levine wrote:
Your proposal that MLM
On Apr 29, 2010, at 3:47 PM, Graham Murray wrote:
McDowell, Brett bmcdow...@paypal.com writes:
Priority: it's more important to us that cyber criminals not be
systemically enabled to leverage MLM systems to bypass email
authentication flows and consumer protection policies designed
On Apr 27, 2010, at 1:34 PM, Murray S. Kucherawy wrote:
-Original Message-
From: Jeff Macdonald [mailto:macfisher...@gmail.com]
Sent: Tuesday, April 27, 2010 10:05 AM
To: McDowell, Brett
Cc: Murray S. Kucherawy; ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion
On Apr 27, 2010, at 1:50 PM, Dave CROCKER wrote:
On 4/27/2010 10:40 AM, McDowell, Brett wrote:
That's how I see it. The key is that Y *validates* the DKIM signature and
processes the sender's ADSP
Where is this going to be supported? That is, how widespread does anyone
believe
Who do you feel we need to hear from at this stage to gauge interest?
-- Brett
On Apr 27, 2010, at 2:32 PM, Dave CROCKER wrote:
On 4/27/2010 11:08 AM, McDowell, Brett wrote:
On Apr 27, 2010, at 1:50 PM, Dave CROCKER wrote:
On 4/27/2010 10:40 AM, McDowell, Brett wrote:
That's how I
On Apr 27, 2010, at 2:57 PM, Dave CROCKER wrote:
On 4/27/2010 11:48 AM, McDowell, Brett wrote:
Who do you feel we need to hear from at this stage to gauge interest?
For any specification, it helps to hear from the folks who will write the
software and from the folks who will deploy
Since you brought it up... ;-)
I would say there is no single primary benefit to DKIM. I would say there
are many benefits to DKIM. And, to be explicit about it, I believe applying
DKIM for the purpose of consumer protection is at least as valid a benefit of
DKIM as applying it for improved
in order to continue to develop the concepts.
So... is there any other interest in this scenario... form MLM vendors or
service providers?
-- Brett
On Apr 27, 2010, at 3:11 PM, Dave CROCKER wrote:
On 4/27/2010 12:04 PM, McDowell, Brett wrote:
On Apr 27, 2010, at 2:57 PM, Dave CROCKER
On Apr 23, 2010, at 12:56 PM, John Levine wrote:
John, can you simply clarify the rules/logic of your FBL with Yahoo!?
That will clarify this scenario considerably.
It's just like the IP based FBLs that other mail systems have, only
keyed on DK or DKIM d= signing domains rather than IP
On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote:
Something like: X sends to a list at Y that then relays to Z; Z trusts Y to
implement DKIM and Authentication-Results and all that properly, so Z
believes Y when it says X had a signature on here that verified even if X's
signature on
I've read through all the responses on the list but I'm responding to John's
original message because so much of the responses have made critical
assumptions about the nature of the FBL with Yahoo!.
John, can you simply clarify the rules/logic of your FBL with Yahoo!? That
will clarify this
45 matches
Mail list logo
