Re: [ietf-dkim] Mailsploit

2017-12-05 Thread Steve Atkins
> On Dec 5, 2017, at 2:23 PM, Grant Taylor wrote:
>
> What's worse, no security, or bad / false security?

That's DMARC's motto.

Cheers, Steve

___ NOTE WELL: This list operates according to

Re: [ietf-dkim] Mailsploit

2017-12-05 Thread Steve Atkins
> On Dec 5, 2017, at 1:36 PM, Dave Crocker <dcroc...@bbiw.net> wrote:
>
> On 12/5/2017 1:33 PM, Steve Atkins wrote:
>> It's a DMARC issue rather than a DKIM one.
>
> How is it a DMARC issue?

From: {spoo-that-expands-to bill...@paypal.com\0}@badpeople.ru w

Re: [ietf-dkim] Mailsploit

2017-12-05 Thread Steve Atkins
> On Dec 5, 2017, at 1:24 PM, Pawel Lesnikowski wrote:
>
> Hi All,
>
> I'm not sure if you noticed but it seems many clients are affected by 'mailsploit':
> https://www.mailsploit.com/index
>
> Basically the attacker uses special characters inside encoded words

[ietf-dkim] Fwd: SendGrid, GetResponse and Hubspot being used over DKIM "patent"

2017-12-05 Thread Steve Atkins
I thought this might be of interest to DKIM implementers.

> Begin forwarded message:
>
> From: Laura Atkins
>
> A company called TrueMail is suing the above 3 companies claiming DKIM is an infringement of 3 patents they own.
>
> Docs are up:
>

Re: [ietf-dkim] need for clarification

2015-01-27 Thread Steve Atkins
On Jan 27, 2015, at 8:43 AM, A. Schulze s...@andreasschulze.de wrote: Hello everybody, Murray encourage me to ask here: https://tools.ietf.org/html/rfc6376#section-3.3.3 say Signers MUST use RSA keys of at least 1024 bits for long-lived keys. and Verifiers MUST be able to

Re: [ietf-dkim] need for clarification

2015-01-27 Thread Steve Atkins
On Jan 27, 2015, at 11:24 AM, A. Schulze s...@andreasschulze.de wrote: Steve Atkins: From operational perspective I experience no drawback using 4k RSA keys for DKIM. How do you know? Not for sure. There was a feature to request reports in opendkim. Some people used that and I got

Re: [ietf-dkim] Final update to 4871bis for working group review

2011-07-07 Thread Steve Atkins
On Jul 7, 2011, at 3:21 PM, John Levine wrote: Will your assume one more From than listed in h= lead to failed verifications on messages that actually follow the advice in the RFC to list duplicate headers in their h= values? The RFC also says you shouldn't sign messages that aren't RFC

Re: [ietf-dkim] Final update to 4871bis for working group review

2011-07-03 Thread Steve Atkins
On Jul 2, 2011, at 9:08 PM, Murray S. Kucherawy wrote: We have a week. Murray will be posting the update (-14) very soon. Please review and comment by 11 July. The update has been posted. For your convenience: http://datatracker.ietf.org/doc/draft-ietf-dkim-rfc4871bis/ You can also

Re: [ietf-dkim] Last Call: draft-ietf-dkim-rfc4871bis-12.txt (DomainKeys Identified Mail (DKIM) Signatures) to Draft Standard

2011-06-24 Thread Steve Atkins
On Jun 24, 2011, at 10:33 AM, Douglas Otis wrote: Complaints from John, Dave, and Barry and others is likely and understandably out of fatigue. They just want the process to be over. We are now hearing there is a vital protocol layering principle at stake which even precludes DKIM

Re: [ietf-dkim] Last Call: draft-ietf-dkim-rfc4871bis-12.txt (DomainKeys Identified Mail (DKIM) Signatures) to Draft Standard

2011-06-24 Thread Steve Atkins
On Jun 24, 2011, at 4:04 PM, Douglas Otis wrote: On 6/24/11 2:43 PM, Steve Atkins wrote: Your current argument is of the form: Doug: X is bad, and could theoretically lead to end-user confusion in one particular obscure replay scenario, given a carefully chosen set of assumptions

Re: [ietf-dkim] New canonicalizations

2011-05-31 Thread Steve Atkins
On May 30, 2011, at 3:23 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Monday, May 30, 2011 9:14 AM To: DKIM List Subject: Re: [ietf-dkim] New canonicalizations

Re: [ietf-dkim] New canonicalizations

2011-05-30 Thread Steve Atkins
On May 29, 2011, at 9:04 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Alessandro Vesely Sent: Saturday, May 28, 2011 9:29 AM To: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] New

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 Thread Steve Atkins
On May 26, 2011, at 12:02 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of John R. Levine Sent: Thursday, May 26, 2011 6:40 AM To: Ian Eiloart Cc: DKIM List Subject: Re: [ietf-dkim] DKIM

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 Thread Steve Atkins
On May 26, 2011, at 1:13 PM, Franck Martin wrote: On 5/26/11 12:21 , Steve Atkins st...@wordtothewise.com wrote: In my experience with traditional discussion MLMs (which is the situation we're talking about) if I trust the MLM, I generally don't care about who the participants

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 Thread Steve Atkins
On May 26, 2011, at 1:50 PM, Hector Santos wrote: Steve Atkins wrote: In my experience with traditional discussion MLMs (which is the situation we're talking about) if I trust the MLM, I generally don't care about who the participants are. If by traditional, you mean the members

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 Thread Steve Atkins
On May 26, 2011, at 2:53 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Thursday, May 26, 2011 2:10 PM To: DKIM List Subject: Re: [ietf-dkim] MLMs and signatures again

Re: [ietf-dkim] MLMs and signatures again

2011-05-26 Thread Steve Atkins
On May 26, 2011, at 3:24 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Thursday, May 26, 2011 3:20 PM To: DKIM List Subject: Re: [ietf-dkim] MLMs and signatures again

Re: [ietf-dkim] 8bit downgrades

2011-05-24 Thread Steve Atkins
On May 24, 2011, at 3:55 AM, Ian Eiloart wrote: On 23 May 2011, at 23:10, Franck Martin wrote: There is an interesting post today on http://chilli.nosignal.org/mailman/listinfo/mailop about exim and 8bit It seems they will stop to downgrade. Exim doesn't downgrade. It doesn't

Re: [ietf-dkim] l= statistics was 23 again (sorry John) was Output

2011-05-09 Thread Steve Atkins
On May 9, 2011, at 7:56 AM, Dave CROCKER wrote: On 5/9/2011 7:40 AM, MH Michael Hammer (5304) wrote: I'd like to request that we specifically test for consensus on deprecating l= through the usual +1/-1 approach. No miring, just a vote. This isn't my vote, but a comment: Oddly,

Re: [ietf-dkim] Output summary - Keep your Eye on the Prize!

2011-05-07 Thread Steve Atkins
On May 6, 2011, at 12:09 PM, John R. Levine wrote: this, but I need to get a clear view of consensus. Doug agrees with Hector's note, below, and Dave and Murray do not. I'd like to hear from others within the next few days, about whether you think we should make the change Hector requests

Re: [ietf-dkim] Extensions (was RE: Proposal: Removal of AUID (i= tag/value))

2011-04-07 Thread Steve Atkins
On Apr 7, 2011, at 5:05 AM, Charles Lindsey wrote: On Wed, 06 Apr 2011 21:18:11 +0100, Steve Atkins st...@wordtothewise.com wrote: The only safe way to add proprietary gunk into the dkim-signature header is to add it to the IANA DKIM-Signature tag registry (how does that happen

Re: [ietf-dkim] Proposal: Removal of AUID (i= tag/value)

2011-04-07 Thread Steve Atkins
On Apr 7, 2011, at 5:13 AM, Charles Lindsey wrote: On Wed, 06 Apr 2011 17:29:49 +0100, Steve Atkins st...@wordtothewise.com wrote: As a concrete example, if I wanted to include the authenticated age of each email sender (something the gambling industry might be interested in) then I can

Re: [ietf-dkim] Proposal: Removal of AUID (i= tag/value)

2011-04-06 Thread Steve Atkins
On Apr 6, 2011, at 4:10 AM, Charles Lindsey wrote: On Tue, 05 Apr 2011 11:33:10 +0100, Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote: Ad 2. To give some examples of use profiles: * of course, the first thing that comes to mind is to use DKIM as mechanism to build

Re: [ietf-dkim] Proposal: Removal of AUID (i= tag/value)

2011-04-06 Thread Steve Atkins
On Apr 6, 2011, at 9:07 AM, Michael Thomas wrote: On 04/06/2011 08:48 AM, Steve Atkins wrote: That sounds like a fragile way to extend things - leave a little used feature around and hope someone who wants something new hijacks that field in a non-conflicting way instead. (Which may

Re: [ietf-dkim] Extensions (was RE: Proposal: Removal of AUID (i= tag/value))

2011-04-06 Thread Steve Atkins
On Apr 6, 2011, at 11:05 AM, Michael Thomas wrote: On 04/06/2011 10:53 AM, Murray S. Kucherawy wrote: Having cross semantic correlation of what headers mean with the presence of dkim signatures from various different signers seems like a lot more of layer violation to me. That a DKIM

Re: [ietf-dkim] Extensions (was RE: Proposal: Removal of AUID (i= tag/value))

2011-04-06 Thread Steve Atkins
On Apr 6, 2011, at 12:52 PM, Michael Thomas wrote: On 04/06/2011 12:34 PM, Steve Atkins wrote: On Apr 6, 2011, at 11:05 AM, Michael Thomas wrote: \ The alternative would be very squirrelly when you think of the general case of multiple signers in the path. The approach I suggest

Re: [ietf-dkim] Proposal: Removal of AUID (i= tag/value)

2011-04-04 Thread Steve Atkins
On Apr 4, 2011, at 1:21 PM, Franck Martin wrote: I think you are thinking it as only a DNS issue. But creating a sub-domain, means that the from needs to match too, therefore you may need to remap all your corporate email addresses from j...@iecc.com to j...@corp.ieec.com to separate

Re: [ietf-dkim] Work group future

2011-04-03 Thread Steve Atkins
On Apr 3, 2011, at 9:45 AM, Murray S. Kucherawy wrote: I think when it's clear there's no more progress that can be made, you close down and move on. You can always start up a WG later when there's a chance for better progress or new work to be done. Also, having the workgroup still open

Re: [ietf-dkim] Proposed documentation split between DKIM and DOSETA

2011-01-13 Thread Steve Atkins
On Jan 13, 2011, at 2:41 AM, Charles Lindsey wrote: On Wed, 12 Jan 2011 17:10:52 -, Dave CROCKER d...@dcrocker.net wrote: This raise a specific and interesting technical point. I haven't seen a response so far, so... The core of this technology has keys that are named and accessed

Re: [ietf-dkim] Take two (was Re: Proposal for new text about multiple header issues)

2010-10-26 Thread Steve Atkins
On Oct 26, 2010, at 1:49 AM, Hector Santos wrote: I will not pretend to know (nor really care) what it will take to get over this documentation dilemma but I will provide my comments here: Murray S. Kucherawy wrote: 8.14 Malformed Inputs DKIM allows additional header fields to be

Re: [ietf-dkim] Take two (was Re: Proposal for new text about multiple header issues)

2010-10-26 Thread Steve Atkins
On Oct 25, 2010, at 9:58 PM, Murray S. Kucherawy wrote: 8.14 Malformed Inputs DKIM allows additional header fields to be added to a signed message without breaking the signature. This tolerance can be abused, e.g. in a replay attack, by adding additional instances of header fields that

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-25 Thread Steve Atkins
On Oct 24, 2010, at 10:50 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Sunday, October 24, 2010 10:36 PM To: IETF DKIM WG Subject: Re: [ietf-dkim] Proposal for new

Re: [ietf-dkim] wildcards, was Focusing on 4871bis

2010-10-25 Thread Steve Atkins
On Oct 25, 2010, at 8:11 AM, John R. Levine wrote: hangText=NOTE: The use of wildcard TXT records in the DNS will produce a response to a DKIM query that is unlikely to be valid DKIM key record. This problem applies to many other types of queries, and client software that

Re: [ietf-dkim] Statistics about DKIM and MIME

2010-10-25 Thread Steve Atkins
On Oct 25, 2010, at 8:07 AM, John R. Levine wrote: The one that stands out is multipart/signed (from RFC1847) which drops to about a 65% survival rate. I don't know much about how this is typically formatted or treated enroute, but it was easily the biggest outlier in the report. Not

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-25 Thread Steve Atkins
On Oct 25, 2010, at 12:19 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Monday, October 25, 2010 9:56 AM To: IETF DKIM WG Subject: Re: [ietf-dkim] Proposal for new text

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-25 Thread Steve Atkins
On Oct 25, 2010, at 1:58 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Monday, October 25, 2010 12:54 PM To: IETF DKIM WG Subject: Re: [ietf-dkim] Proposal for new text

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-25 Thread Steve Atkins
On Oct 25, 2010, at 5:48 PM, John R. Levine wrote: Isn't the more interesting attack a signature from some throwaway domain that covered a matching From: but also contained a From: indicating some high-value phish target? Not really, no. Signing the From: field means nothing other than

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Steve Atkins
On Oct 24, 2010, at 9:05 PM, Murray S. Kucherawy wrote: Here’s my proposal for a section in Security Considerations to talk about the malformation issues that have been discussed on the list. This is an addition to -02 directly and does not continue from any of the other proposals. I

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Steve Atkins
On Oct 24, 2010, at 9:55 PM, Mark Delany wrote: The universe of email is replete with software that forgives messages which do not conform strictly to the grammar that defines what valid email looks like. This is a long-standing practice known informally as the robustness principle,

Re: [ietf-dkim] Proposal for new text about multiple header issues

2010-10-24 Thread Steve Atkins
On Oct 24, 2010, at 10:15 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Sunday, October 24, 2010 9:54 PM To: IETF DKIM WG Subject: Re: [ietf-dkim] Proposal for new text

Re: [ietf-dkim] Focusing on 4871bis

2010-10-22 Thread Steve Atkins
On Oct 22, 2010, at 8:28 AM, Barry Leiba wrote: 1. How to handle a key record with empty g= and absent v= (section 6.1.2, list item 6). Proposed change: Remove g= altogether, along with all references to it. Surveys of what's out there show vanishingly few cases that use g= with any value

Re: [ietf-dkim] More on layer violations

2010-10-21 Thread Steve Atkins
On Oct 21, 2010, at 9:53 AM, Murray S. Kucherawy wrote: Take a tour through the eleven parts of Section 7 of RFC5451, and then Appendices A and C. They provide all kinds of warnings about misinterpreting the data provided, which amounts to pretty firm implementation advice, and

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Steve Atkins
On Oct 20, 2010, at 3:19 PM, Murray S. Kucherawy wrote: Validating mail syntax belongs in the specification for the mail components and DKIM work belongs in the DKIM components. That's why, layer violation or no, I think it's important to distinguish between format errors that are likely

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Steve Atkins
On Oct 20, 2010, at 6:08 PM, Scott Kitterman wrote: Michael Thomas m...@mtcc.com wrote: On 10/20/2010 04:36 PM, Steve Atkins wrote: On Oct 20, 2010, at 3:19 PM, Murray S. Kucherawy wrote: Validating mail syntax belongs in the specification for the mail components and DKIM work

Re: [ietf-dkim] detecting header mutations after signing

2010-10-18 Thread Steve Atkins
On Oct 18, 2010, at 5:50 PM, John Levine wrote: difference between a green bar SSL page and one with no SSL. I don't want to mess with the MUA at all, but rather use DKIM to help decide what messages to show her and which messages to consign to the junk folder. Why do we think such a

Re: [ietf-dkim] detecting header mutations after signing

2010-10-15 Thread Steve Atkins
On Oct 15, 2010, at 9:50 AM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Charles Lindsey Sent: Friday, October 15, 2010 7:30 AM To: DKIM Subject: Re: [ietf-dkim] detecting header mutations

Re: [ietf-dkim] ISSUE: 3.6.2.1 - Working with other TXT records

2010-10-15 Thread Steve Atkins
On Oct 15, 2010, at 10:58 AM, Barry Leiba wrote: On Fri, Oct 15, 2010 at 1:27 PM, Hector Santos hsan...@isdg.net wrote: Murray S. Kucherawy wrote: I appreciate the desire to put more information in there to help, but we really can't be writing a tutorial on managing DNS records. +1.

Re: [ietf-dkim] detecting header mutations after signing

2010-10-15 Thread Steve Atkins
On Oct 15, 2010, at 1:51 PM, MH Michael Hammer (5304) wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- boun...@mipassoc.org] On Behalf Of bill.ox...@cox.com Sent: Friday, October 15, 2010 11:59 AM To: dcroc...@bbiw.net Cc: ietf-dkim@mipassoc.org

Re: [ietf-dkim] ISSUE: 3.6.2.1 - Working with other TXT records

2010-10-15 Thread Steve Atkins
On Oct 15, 2010, at 7:13 PM, John Levine wrote: In this case, we've gone to some lengths to make the environment pure, by using the underscore branch. And then along come these pesky wildcards. Even without wildcards, there's been a variety of broken key records. I would hope it would

Re: [ietf-dkim] ISSUE: 3.6.2.1 - Working with other TXT records

2010-10-15 Thread Steve Atkins
On Oct 15, 2010, at 7:56 PM, Hector Santos wrote: Steve Atkins wrote: I'd think it'd be approximately the same as if the private signing key (the only other mandatory input I can think of at the moment) wasn't present. If it fails, it's broken, I think. There's nothing special about

Re: [ietf-dkim] Last call comment: Changing the g= definition

2010-10-14 Thread Steve Atkins
On Oct 14, 2010, at 4:44 PM, John R. Levine wrote: if for nothing else to ensure that some future DKIM++ doesn't inadvertently reuse g= to mean something else. Isn't that what the IANA registry is there to prevent? I dunno. What does IANA do in cases like these?

Re: [ietf-dkim] FW: An issue with DKIM reporting extensions

2010-10-13 Thread Steve Atkins
On Oct 13, 2010, at 8:07 AM, Rolf E. Sonneveld wrote: or a special selector (e.g. s=notifications), to identify the different nature of this mail stream? No. Never do this. Selectors are an operational convenience for key rotation and ease of domain delegation. They have no semantics

Re: [ietf-dkim] detecting header mutations after signing

2010-10-13 Thread Steve Atkins
On Oct 13, 2010, at 1:59 PM, Mark Delany wrote: It strikes me that a DKIM verifier is already well into the business of 2822 semantics as it knows about headers, header labels, continuation syntax, header/body boundaries and so on. In that light, taking an additional step wrt duplicate

[ietf-dkim] 550 5.7.0 bad DKIM signature data

2010-10-13 Thread Steve Atkins
Anyone recognize 550 5.7.0 bad DKIM signature data? A couple of folks just got bounced off a mailing list due to their MTAs doing that in response to some mail I sent, so I'm interested in what software might do that. Cheers, Steve

Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

2010-10-06 Thread Steve Atkins
On Oct 6, 2010, at 1:47 AM, Mark Delany wrote: That this is not in 4871 seems to be mostly a WG assumption that should be made explicit. I think several of us thought it was in there, but on review it apparently was indeed lost somewhere along the way. We've certainly, as I understand

Re: [ietf-dkim] THIS IS A MULTIPLE 5322.FROM MESSAGE

2010-10-06 Thread Steve Atkins
On Oct 6, 2010, at 3:01 PM, Scott Kitterman wrote: Dave CROCKER d...@dcrocker.net wrote: On 10/6/2010 8:00 AM, Steve Atkins wrote: It also changes what DKIM means, ... Either the message has a valid DKIM signature, or it does not. If the signature is valid, then the signing

Re: [ietf-dkim] Comments on draft-ietf-dkim-implementation-report-01

2010-10-01 Thread Steve Atkins
On Oct 1, 2010, at 8:11 AM, Jeff Macdonald wrote: On Fri, Oct 1, 2010 at 2:48 AM, Murray S. Kucherawy m...@cloudmark.com wrote: The results in Section 4.1.2 mention Author vs. Third-Party. That is more about ADSP than DKIM. True. It should probably come out. It could mean that or

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-30 Thread Steve Atkins
On Sep 30, 2010, at 4:05 AM, Charles Lindsey wrote: On Wed, 29 Sep 2010 18:52:01 +0100, John Levine jo...@iecc.com wrote: This might be a good time to remind people that MLMs in their current form are not broken, and any proposal that requires them to stop doing something that they're

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Steve Atkins
On Sep 28, 2010, at 5:10 AM, Graham Murray wrote: Ian Eiloart i...@sussex.ac.uk writes: Oh, but I already know that my MLM is going to break any message with a signed body. UK law practically mandates the addition of unsubscription information in a message footer. We certainly require it

Re: [ietf-dkim] Discussion lists and broadcast lists are not the same thing

2010-09-28 Thread Steve Atkins
On Sep 28, 2010, at 11:34 AM, J.D. Falk wrote: On Sep 24, 2010, at 11:05 AM, John Levine wrote: Do concepts generalize enough to allow issuing draft-ietf-dkim-mailinglists also for these authoring MLMs? No. All of the complications in mailing lists arise from the fact that the author

Re: [ietf-dkim] Who signs what

2010-09-16 Thread Steve Atkins
On Sep 16, 2010, at 8:32 AM, Jeff Macdonald wrote: On Thu, Sep 16, 2010 at 10:31 AM, MH Michael Hammer (5304) mham...@ag.com There was a (hard won) consensus that a signature by the owner/admin of a domain carries more weight than the signature of a 3rd party because the owner/admin of the

Re: [ietf-dkim] Who signs what

2010-09-16 Thread Steve Atkins
On Sep 16, 2010, at 10:24 AM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- boun...@mipassoc.org] On Behalf Of Jeff Macdonald Sent: Thursday, September 16, 2010 8:32 AM To: DKIM List Subject: Re: [ietf-dkim] Who signs what

Re: [ietf-dkim] Who signs what

2010-09-16 Thread Steve Atkins
On Sep 16, 2010, at 10:52 AM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Thursday, September 16, 2010 10:39 AM To: DKIM List Subject: Re: [ietf-dkim] Who signs what

Re: [ietf-dkim] Who signs what

2010-09-16 Thread Steve Atkins
On Sep 16, 2010, at 11:18 AM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Thursday, September 16, 2010 11:08 AM To: DKIM List Subject: Re: [ietf-dkim] Who signs what

Re: [ietf-dkim] DKIM+ADSP = FAIL, and it's our fault

2010-09-15 Thread Steve Atkins
On Sep 15, 2010, at 8:30 AM, McDowell, Brett wrote: On Sep 15, 2010, at 11:02 AM, Jeff Macdonald wrote: On Wed, Sep 15, 2010 at 10:43 AM, McDowell, Brett bmcdow...@paypal-inc.com wrote: On Sep 15, 2010, at 12:11 AM, Murray S. Kucherawy wrote: Based on that (rather precise)

Re: [ietf-dkim] DKIM+ADSP = FAIL, and it's our fault

2010-09-14 Thread Steve Atkins
On Sep 14, 2010, at 12:35 PM, J.D. Falk wrote: ...but not for the reasons the anti-ADSP folks keep bringing up. DKIM is failing because every discussion about actually /using/ DKIM inevitably gets stuck in the same old argument about ADSP. Doesn't even matter what the argument is about

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-10 Thread Steve Atkins
On Sep 10, 2010, at 11:27 AM, Charles Lindsey wrote: On Fri, 03 Sep 2010 15:15:37 +0100, Hector Santos hsan...@isdg.net wrote: I think you need to better appreciate and understand how fundamental the Message From field for any forms of communications and/or mail networks is. It would be a

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-10 Thread Steve Atkins
On Sep 10, 2010, at 2:31 PM, Scott Kitterman wrote: On Friday, September 10, 2010 03:17:47 pm Steve Atkins wrote: On Sep 10, 2010, at 11:27 AM, Charles Lindsey wrote: On Fri, 03 Sep 2010 15:15:37 +0100, Hector Santos hsan...@isdg.net wrote: I think you need to better appreciate

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-10 Thread Steve Atkins
On Sep 10, 2010, at 3:46 PM, Scott Kitterman wrote: On Friday, September 10, 2010 06:37:46 pm Steve Atkins wrote: On Sep 10, 2010, at 2:31 PM, Scott Kitterman wrote: I don't think it inoculates them against ADSP problems - rather it opens them up to violations of the security model

Re: [ietf-dkim] Key rotation

2010-09-09 Thread Steve Atkins
On Sep 9, 2010, at 11:12 AM, McDowell, Brett wrote: On Sep 4, 2010, at 9:31 PM, Steve Atkins wrote: The whole point of rotating keys is so that loss of an old private key isn't a risk. Given that, I think that even if you're fairly sure that a key pair hasn't been compromised then you

Re: [ietf-dkim] Key rotation

2010-09-09 Thread Steve Atkins
On Sep 9, 2010, at 9:57 AM, Mark Martinec wrote: Mark Delany wrote: I believe the general thrust is that DKIM keys are ephemeral so no one should rely on there long-term presence. [...] With each key there is an associated selector:domain pair, so with a key rotation comes the change of a

Re: [ietf-dkim] DKIM-RCVD I-D

2010-09-05 Thread Steve Atkins
On Sep 5, 2010, at 1:10 PM, Hector Santos wrote: In 2006, I submitted the I-D http://tools.ietf.org/html/draft-santos-dkim-rcvd-00 Is there any interest for me to renew this I-D to help address some of the possible time-shifting issues related key expiration and revocation as

Re: [ietf-dkim] Key rotation

2010-09-04 Thread Steve Atkins
On Sep 4, 2010, at 2:55 PM, Mark Delany wrote: On Sat, Sep 04, 2010 at 01:41:41PM -0700, Steve Atkins allegedly wrote: Do we have any thoughts on 1. how often keys might sensibly be rotated and 2. how long public keys should remain visible after the private key has been rotated out? I

Re: [ietf-dkim] (OT) Forwarding, was draft-ietf-dkim-mailinglists-02 review

2010-09-02 Thread Steve Atkins
On Sep 2, 2010, at 10:39 AM, Alessandro Vesely wrote: On 02/Sep/10 00:15, Steve Atkins wrote: I develop code that receives email to one address and forwards it on to another address. It's not intended for use as an MLM, but it does have a number of optional features in common - modifying

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-01 Thread Steve Atkins
On Sep 1, 2010, at 7:24 AM, Michael Thomas wrote: I'll cheerfully give up references to S/MIME, if other people will give up on telling software developers how to rewrite MLMs to do things they've never done before. Frankly, the best possible advice we can give is to tell people to sign

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-01 Thread Steve Atkins
On Sep 1, 2010, at 2:49 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Wednesday, September 01, 2010 1:47 PM To: DKIM List Subject: Re: [ietf-dkim] draft-ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-01 Thread Steve Atkins
On Sep 1, 2010, at 3:26 PM, Michael Thomas wrote: On 09/01/2010 02:49 PM, Murray S. Kucherawy wrote: If your goal is to have MLM developers rewrite their perfectly working code to work around the fundamental flaws in ADSP - a protocol nobody other than bulk mailers is interested in, and

Re: [ietf-dkim] Mailing lists and s/mime dkim signatures - mua considerations

2010-08-24 Thread Steve Atkins
On Aug 24, 2010, at 10:23 AM, Mark Delany wrote: On Tue, Aug 24, 2010 at 09:45:20AM -0400, Wietse Venema allegedly wrote: Hector Santos: IMO, it is these statements that continues to raise confusion and raise the barrier of industry wide adoption that includes the general population of MTA

Re: [ietf-dkim] Mailing lists and s/mime dkim signatures - mua considerations

2010-08-24 Thread Steve Atkins
On Aug 24, 2010, at 1:30 PM, Mark Delany wrote: As a part-time MTA developer I am not confused. The DKIM signature provides a simple piece of trace information (I handled this mail) that is cryptographically bound to some header and body content. Yes. And that the obverse is possible: I

Re: [ietf-dkim] What can we ask mailing lists to do?

2010-08-24 Thread Steve Atkins
On Aug 24, 2010, at 6:35 PM, John R. Levine wrote: may I suggest we stop here for a moment and get back to the original question, which in essence was: should a 1st signer DKIM signature be preserved 'coûte que coûte' when a message is handled by a MLM, or not. It shouldn't, at least not if

Re: [ietf-dkim] marketing dkim

2010-08-19 Thread Steve Atkins
On Aug 18, 2010, at 6:59 PM, Daniel Black wrote: I've got a presentation slot for DKIM at APNIC next week to a bunch of ISPs. My current plan for a talk is: * DKIM is a really well developed standard for signing email It's not really for signing mail. It's for attaching a persistent

Re: [ietf-dkim] marketing dkim

2010-08-19 Thread Steve Atkins
On Aug 19, 2010, at 12:56 PM, Stephen Farrell wrote: Folks, Please. Let's get back to the work at hand and not spend time on this, Encouraging use of DKIM, and avoiding confusion between ADSP flaws and DKIM flaws is a big part of the work at hand, I think. If it's not, it should be.

Re: [ietf-dkim] Straw poll results

2010-08-09 Thread Steve Atkins
On Aug 9, 2010, at 1:26 PM, Scott Kitterman wrote: On Monday, August 09, 2010 04:11:57 pm John R. Levine wrote: Why do you simplify handling of list mail to sorting and filtering, ignoring two other important list handling activities: 1. reading mail 2. responding to mail Well, OK.

Re: [ietf-dkim] Straw poll results

2010-08-09 Thread Steve Atkins
On Aug 9, 2010, at 3:13 PM, Scott Kitterman wrote: This assumes mail from MLMs is treated differently than other mail. While individual users may (and probably do) treat it differently, receivers of non- trivial scale don't and can't. I agree, in general. One implication of that is that

[ietf-dkim] Repeating the SPF/SRS mistakes (was Straw poll results

2010-08-09 Thread Steve Atkins
On Aug 9, 2010, at 4:31 PM, Scott Kitterman wrote: On Monday, August 09, 2010 06:52:04 pm Steve Atkins wrote: One implication of that is that if you're planning to do something with email that will break if there's a MLM involved, it's broken[1]. Cheers, Steve [1] We could call

Re: [ietf-dkim] Repeating the SPF/SRS mistakes (was Straw poll results

2010-08-09 Thread Steve Atkins
On Aug 9, 2010, at 4:54 PM, Dave CROCKER wrote: On 8/9/2010 4:42 PM, Steve Atkins wrote: 4. Write off ADSP as broken, do something useful instead. A less hostile and possibly more productive phrasing of this is: 4. Accept that ADSP has a tightly constrained range of use

Re: [ietf-dkim] Mailing list reality check

2010-08-04 Thread Steve Atkins
On Aug 4, 2010, at 9:51 AM, John Levine wrote: I'd like to back up a minute and try to understand better what (if any) problem we're trying to solve here. So here is a straw poll. Assuming you do any sorting of inbound mail at all, how do you treat mail from lists to which you have

Re: [ietf-dkim] Clarifying DKIM (etc.) expectations for mailing lists in the face of digests

2010-08-04 Thread Steve Atkins
On Aug 4, 2010, at 2:47 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Dave CROCKER Sent: Wednesday, August 04, 2010 2:10 PM To: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] Clarifying

Re: [ietf-dkim] Feedback on draft-ietf-dkim-mailinglists for discussion

2010-08-02 Thread Steve Atkins
On Aug 2, 2010, at 11:13 AM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Jeff Macdonald Sent: Monday, August 02, 2010 10:53 AM To: DKIM List Subject: Re: [ietf-dkim] Feedback on

Re: [ietf-dkim] MLMs and the use of multipart/alternative to preserve original DKIM signature and at the same time add a new DKIM signature

2010-08-02 Thread Steve Atkins
On Aug 2, 2010, at 3:37 PM, Rolf E. Sonneveld wrote: Hi, all in the light of the discussion about draft-ietf-dkim-mailinglists I'd like to propose an alternative way to solve the MLM dilemma on how to deal with original DKIM signature/message versus sending out a modified version of

Re: [ietf-dkim] Alternative MAiling List Approach

2010-07-30 Thread Steve Atkins
On Jul 30, 2010, at 12:26 AM, Murray S. Kucherawy wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Steve Atkins Sent: Thursday, July 29, 2010 8:56 PM To: DKIM List Subject: Re: [ietf-dkim] Alternative MAiling List

Re: [ietf-dkim] Alternative MAiling List Approach

2010-07-29 Thread Steve Atkins
On Jul 29, 2010, at 9:46 AM, Alessandro Vesely wrote: On 29/Jul/10 13:21, Charles Lindsey wrote: The REAL cause of the problem is that From: line. My proposal is that MLM should change the From: header in such a way that the mail appears to have come from MLM.example and not from

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00 (fwd)

2010-07-29 Thread Steve Atkins
On Jul 29, 2010, at 11:53 AM, J.D. Falk wrote: On Jul 29, 2010, at 5:09 PM, Ian Eiloart wrote: --On 26 July 2010 18:24:34 +0200 J.D. Falk jdfalk-li...@cybernothing.org wrote: I think it's because, when you implement most protocols, if your end is broken then you can't even talk to the

Re: [ietf-dkim] Alternative MAiling List Approach

2010-07-29 Thread Steve Atkins
On Jul 29, 2010, at 3:45 PM, Murray S. Kucherawy wrote: Should the MLM draft suggest From: replacement and addition of Reply-To: as a specific example of DKIM-friendly MLM behavior? No. DKIM doesn't really say much about either the From: address or the Reply-To: address, so such a

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

2010-06-25 Thread Steve Atkins
On Jun 25, 2010, at 11:39 AM, John R. Levine wrote: We seem to agree that discard means throw away. Evidently. But I do have the advantage of knowing what I meant when I wrote the section we're arguing about. This is, I think, the third or fourth time we've been through the what does

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

2010-06-24 Thread Steve Atkins
On Jun 24, 2010, at 8:21 AM, Michael Thomas wrote: On 06/24/2010 07:49 AM, John Levine wrote: Are you making the assumption that all third party lists would be equally credible? That's no more likely than all DNSBLs being equally credible. In both cases, the good ones will make sure

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

2010-06-24 Thread Steve Atkins
On Jun 24, 2010, at 8:45 AM, Martijn Grooten wrote: So why does a domain that performs that painful audit and remediation need to then tell John's drop list that it's OK to drop unsigned mail? It doesn't. It can just publish an ADSP record and be done with it. No need to count on some

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

2010-06-24 Thread Steve Atkins
On Jun 24, 2010, at 10:03 AM, MH Michael Hammer (5304) wrote: If an organization doesn't understand the implications of publishing ADSP (or doing anything else for that matter) then the basic damage done is to themselves and their users. Their domain, their problem. ... and the problem of

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-06-02 Thread Steve Atkins
On Jun 2, 2010, at 4:50 AM, Ian Eiloart wrote: --On 27 May 2010 14:57:06 -0700 Steve Atkins st...@wordtothewise.com wrote: Legitimate email from paypal: 72% rejected by ADSP 28% not rejected Phishing emails using paypal in the From line: 39% rejected by ADSP 61

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists BCP draft review)

2010-06-02 Thread Steve Atkins
On Jun 2, 2010, at 8:08 AM, Al Iverson wrote: On Wed, Jun 2, 2010 at 9:48 AM, John R. Levine jo...@iecc.com wrote: given the recent discussions, it seems to me that people want to have a definition of what 'discard' means in the context as described above. As a non-native English speaker (or
