Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-04 Thread McCann Peter-A001034
Dave CROCKER wrote: > On 10/1/2010 1:27 PM, McCann Peter-A001034 wrote: >> The fundamental problem with the current situation is that the >> authenticated identity is not displayed and the displayed identity is >> not authenticated. > > > Forgive my pursuing it in this fashion, but I'd class that

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-04 Thread Charles Lindsey
On Sun, 03 Oct 2010 07:13:55 +0100, Michael Deutschmann wrote: > And there's the rub. The problem is that a major threat we anticipate, > is that should a means be added to append a footer without breaking the > signature, bad guys will find short legitimate messages and replay them > with a f

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-03 Thread John R. Levine
I'm really having trouble understanding what problem you're trying to solve here. Could you describe it in under 100 words? I think I understand the problems that people see with lists and ADSP, so please just explain what the problem is with lists and DKIM. You can assume that lists will pu

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-03 Thread Douglas Otis
On 10/2/10 11:13 PM, Michael Deutschmann wrote: > On Tue, 28 Sep 2010, Steve Atkins wrote: >> Putting it in the List-Unsubscribe header that's not displayed >> to recipients is pretty much equivalent to putting it in the X-Bamboozle >> header that's not displayed to recipients when it comes to di

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-03 Thread Michael Deutschmann
On Tue, 28 Sep 2010, Steve Atkins wrote: > Putting it in the List-Unsubscribe header that's not displayed > to recipients is pretty much equivalent to putting it in the X-Bamboozle > header that's not displayed to recipients when it comes to displaying > legally required content to recipients. And

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-01 Thread Hector Santos
Dave CROCKER wrote: > > On 10/1/2010 1:27 PM, McCann Peter-A001034 wrote: >> The fundamental problem with the current situation is that the >> authenticated identity is not displayed and the displayed identity >> is not authenticated. > > > Forgive my pursuing it in this fashion, but I'd class t

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-01 Thread Dave CROCKER
On 10/1/2010 1:27 PM, McCann Peter-A001034 wrote: > The fundamental problem with the current situation is that the > authenticated identity is not displayed and the displayed identity > is not authenticated. Forgive my pursuing it in this fashion, but I'd class that as a first derivative, rath

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-01 Thread McCann Peter-A001034
Jeff Macdonald wrote: > On Thu, Sep 30, 2010 at 9:19 PM, Douglas Otis > wrote: >> Is there a safe way to shift DKIM signature compliance based upon the >>  From header field to that of the Sender header field? > > We've avoided the Sender header because most folks are confused when > Outlook sa

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-01 Thread Jeff Macdonald
On Thu, Sep 30, 2010 at 9:19 PM, Douglas Otis wrote: > Is there a safe way to shift DKIM signature compliance based upon the >  From header field to that of the Sender header field? We've avoided the Sender header because most folks are confused when Outlook says "on behalf of". And not all MUAs

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-30 Thread Douglas Otis
On 9/30/10 8:15 AM, Steve Atkins wrote: > > On Sep 30, 2010, at 4:05 AM, Charles Lindsey wrote: > > On Wed, 29 Sep 2010 18:52:01 +0100, John Levine > > wrote: > > > >> I was thinking of the various proposals to rewrite From: > >> addresses, to outlaw subject tags and message footers, and > >> o

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-30 Thread Steve Atkins
On Sep 30, 2010, at 4:05 AM, Charles Lindsey wrote: > On Wed, 29 Sep 2010 18:52:01 +0100, John Levine wrote: > This might be a good time to remind people that MLMs in their current form are not broken, and any proposal that requires them to stop doing something that they're curre

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-30 Thread Charles Lindsey
On Wed, 29 Sep 2010 18:52:01 +0100, John Levine wrote: >>> This might be a good time to remind people that MLMs in their >>> current form are not broken, and any proposal that requires them to >>> stop doing something that they're currently doing, like rewriting >>> messages or adding message tag

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-29 Thread Murray S. Kucherawy
> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of John Levine > Sent: Wednesday, September 29, 2010 10:52 AM > To: ietf-dkim@mipassoc.org > Cc: ietf-d...@kitterman.com > Subject: Re: [ietf-dkim] Corner

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-29 Thread John Levine
>>This might be a good time to remind people that MLMs in their >>current form are not broken, and any proposal that requires them to >>stop doing something that they're currently doing, like rewriting >>messages or adding message tags, is a non-starter. >Since nothing requires anyone do anything

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-29 Thread Scott Kitterman
"John R. Levine" wrote: >> The law requires that there be an easy to use address for unsubscribing. >> The List-unsubscribe header: would do the job nicely, if the majority of >> people were using mail clients that expose it by default. I don't know of >> any mail client which does that. > >pin

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread John R. Levine
> The law requires that there be an easy to use address for unsubscribing. > The List-unsubscribe header: would do the job nicely, if the majority of > people were using mail clients that expose it by default. I don't know of > any mail client which does that. pine/alpine does, but I agree, most M

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Alessandro Vesely
On 28/Sep/10 12:59, Ian Eiloart wrote: > --On 27 September 2010 19:26:37 +0200 Alessandro Vesely > wrote: > >> Now the MLM does its editing job. It knows the original message was >> signed, so it makes sense to verify if the signature is still good >> after any changes have been applied. In ca

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Ian Eiloart
--On 28 September 2010 13:10:51 +0100 Graham Murray wrote: > Ian Eiloart writes: > >> Oh, but I already know that my MLM is going to break any message with a >> signed body. UK law practically mandates the addition of unsubscription >> information in a message footer. We certainly require it

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Steve Atkins
On Sep 28, 2010, at 5:10 AM, Graham Murray wrote: > Ian Eiloart writes: > >> Oh, but I already know that my MLM is going to break any message with a >> signed body. UK law practically mandates the addition of unsubscription >> information in a message footer. We certainly require it locally.

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Graham Murray
Ian Eiloart writes: > Oh, but I already know that my MLM is going to break any message with a > signed body. UK law practically mandates the addition of unsubscription > information in a message footer. We certainly require it locally. Why does it have to be in the footer when (for many MLMs)

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Ian Eiloart
--On 27 September 2010 19:26:37 +0200 Alessandro Vesely wrote: > > Now the MLM does its editing job. It knows the original message was > signed, so it makes sense to verify if the signature is still good > after any changes have been applied. In case verification fails, it > shouldn't try to

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Ian Eiloart
--On 28 September 2010 01:09:07 -0700 Michael Deutschmann wrote: > On 2010-09-27, John R. Levine wrote: >> And since this group seems to be obsessed with arcane corner cases, >> what do you do with a discardable message if it's sent to two addresses, >> one of which is a mailing list and one o

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Ian Eiloart
--On 27 September 2010 11:39:43 -0700 Dave CROCKER wrote: > > > On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote: >>> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- >>> boun...@mipassoc.org] On Behalf Of John R. Levine > ... >>> It is not my impression that they all do the full DKIM va

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Ian Eiloart
--On 27 September 2010 23:05:46 -0400 "John R. Levine" wrote: > > For Ian, I'm still wondering if he's yet implemented a setup which knows > at SMTP time what addresses deliver to mailing lists so it knows whether > to reject or discard on ADSP failures. Still seems like a lot of work > for

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Ian Eiloart
--On 27 September 2010 11:07:41 -0400 "John R. Levine" wrote: > > That seems an awful lot of work to do with the connection open to deal > with what is unlikely to be more than a rare misconfiguration. You recommend a particular course of action (discarding) for dealing with ADSP/MLM problem

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Michael Deutschmann
On 27 Sep 2010, John R. Levine wrote: > I hadn't realized how many medium-sized MTAs do their DKIM during the > SMTP session. You learn something new every day. It still sounds like a > design that *requires* that an MTA do DKIM at SMTP time would present a > problem for some mail systems too lar

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-28 Thread Michael Deutschmann
On 2010-09-27, John R. Levine wrote: > And since this group seems to be obsessed with arcane corner cases, > what do you do with a discardable message if it's sent to two addresses, > one of which is a mailing list and one of which isn't? That's a trivial specific case, of a general problem import

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Murray S. Kucherawy
> -Original Message- > From: John R. Levine [mailto:jo...@iecc.com] > Sent: Monday, September 27, 2010 8:06 PM > To: Murray S. Kucherawy > Cc: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , draft- > vesely-dkim-joint-sigs > > > That n

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread John R. Levine
> That said, there's a lot of agreement that filtering during SMTP is better > than accept-and-then-deal-with-it approaches. (cf. RFC5451, Appendix C) > Unfortunately post-DATA rejection is the only way that can be done, short of > changes to SMTP in the way of yet another extension that would

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Murray S. Kucherawy
> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Dave CROCKER > Sent: Monday, September 27, 2010 11:40 AM > To: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , > draft-v

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Mark Delany
On Mon, Sep 27, 2010 at 11:39:43AM -0700, Dave CROCKER allegedly wrote: > > > On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote: > >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > >> boun...@mipassoc.org] On Behalf Of John R. Levine > ... > >> It is not my impression that they all do t

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Hector Santos
John R. Levine wrote: >> Ignorance is bliss, I guess, especially when it comes to pontificates. >> That's what every implementation of DKIM for MTA's, both open source and >> commercial that I'm aware of does, though some do and don't do the ADSP >> lookup. News at 11: email is still delivered, wit

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Dave CROCKER
On 9/27/2010 11:04 AM, Murray S. Kucherawy wrote: >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- >> boun...@mipassoc.org] On Behalf Of John R. Levine ... >> It is not my impression that they all do the full DKIM validation while >> the SMTP session is open. Mine doesn't. > > The milt

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Michael Thomas
On 09/27/2010 11:17 AM, Al Iverson wrote: > On Mon, Sep 27, 2010 at 1:05 PM, Michael Thomas wrote: >> On 09/27/2010 10:58 AM, Michael Thomas wrote: >>> On 09/27/2010 10:38 AM, John R. Levine wrote: > Ignorance is bliss, I guess, especially when it comes to pontificates. > That's what every

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Murray S. Kucherawy
> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Al Iverson > Sent: Monday, September 27, 2010 11:18 AM > To: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends, was , > draft-vesely-dkim

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Murray S. Kucherawy
> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of John R. Levine > Sent: Monday, September 27, 2010 10:38 AM > To: Michael Thomas > Cc: DKIM List > Subject: Re: [ietf-dkim] Corner cases and loose ends,

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Al Iverson
On Mon, Sep 27, 2010 at 1:05 PM, Michael Thomas wrote: > On 09/27/2010 10:58 AM, Michael Thomas wrote: >> On 09/27/2010 10:38 AM, John R. Levine wrote: Ignorance is bliss, I guess, especially when it comes to pontificates. That's what every implementation of DKIM for MTA's, both open sou

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Alessandro Vesely
On 27/Sep/10 17:07, John R. Levine wrote: >>> Good point. So it's two things, lists should sign outgoing mail, and >>> discard any incoming mail with dkim=discardable. >> >> No, they should reject the email at SMTP time. The email is NOT >> discardable when it arrives at the MLM. Rejection at SMTP

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Michael Thomas
On 09/27/2010 10:58 AM, Michael Thomas wrote: > On 09/27/2010 10:38 AM, John R. Levine wrote: >>> Ignorance is bliss, I guess, especially when it comes to pontificates. >>> That's what every implementation of DKIM for MTA's, both open source and >>> commercial that I'm aware of does, though some do

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Michael Thomas
On 09/27/2010 10:38 AM, John R. Levine wrote: >> Ignorance is bliss, I guess, especially when it comes to pontificates. >> That's what every implementation of DKIM for MTA's, both open source and >> commercial that I'm aware of does, though some do and don't do the ADSP >> lookup. News at 11: email

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread John R. Levine
> Ignorance is bliss, I guess, especially when it comes to pontificates. > That's what every implementation of DKIM for MTA's, both open source and > commercial that I'm aware of does, though some do and don't do the ADSP > lookup. News at 11: email is still delivered, with little to no observable

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Michael Thomas
Ignorance is bliss, I guess, especially when it comes to pontificates. That's what every implementation of DKIM for MTA's, both open source and commercial that I'm aware of does, though some do and don't do the ADSP lookup. News at 11: email is still delivered, with little to no observable impact.

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread John R. Levine
Good point. So it's two things, lists should sign outgoing mail, and discard any incoming mail with dkim=discardable. No, they should reject the email at SMTP time. The email is NOT discardable when it arrives at the MLM. Rejection at SMTP time does no harm, and gives the sender an opportunit

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Ian Eiloart
--On 24 September 2010 20:10:15 -0400 "John R. Levine" wrote: >> It may be tiny, but users will not tolerate the total destruction of >> mailing list traffic, which is the inevitable result of any ADSP use at >> both ends which is sufficient to block actual forgeries (without using >> whitelist

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-27 Thread Michael Deutschmann
On 27 Sep 2010, John R. Levine wrote: > > A reasonable interpretation of the RFC is that "dkim=all" still indicates > > that all mail with no signature is bogus > > No. If that's what we meant, that's what we would have said. I base that on section B.1, which specifically mentions mailing lists a

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-26 Thread John R. Levine
> A reasonable interpretation of the RFC is that "dkim=all" still indicates > that all mail with no signature is bogus No. If that's what we meant, that's what we would have said. R's, John ___ NOTE WELL: This list operates according to http://mipasso

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-26 Thread Michael Deutschmann
On 26 Sep 2010, John R. Levine wrote: > No, of course not. I've already adjusted my list software to put DKIM > list signatures on outgoing mail. It was no big deal. I haven't done > anything with ADSP because, to several decimal places, nobody uses ADSP. I was suggesting the From: hackery as a

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-26 Thread John R. Levine
One thought - If lists are going to spend any time paying special attention to DKIM, it would be easier for them to just always rewrite the headers like so: No, of course not. I've already adjusted my list software to put DKIM list signatures on outgoing mail. It was no big deal. I haven't d

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-26 Thread Michael Deutschmann
On 24 Sep 2010, John R. Levine wrote: > Good point. So it's two things, lists should sign outgoing mail, and > discard any incoming mail with dkim=discardable. One thought - If lists are going to spend any time paying special attention to DKIM, it would be easier for them to just always rewrite t

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-25 Thread Douglas Otis
On 9/24/10 3:46 PM, Michael Deutschmann wrote: >> On 23/Sep/10 21:16, John R. Levine wrote: >>> All of this emphasis on complex designs for MLMs strikes me as a waste >>> of time, since it's a tiny corner of the mail space that has not >>> historically been a vector for abuse, and shows no sign o

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-24 Thread Michael Deutschmann
On 24 Sep 2010, John R. Levine wrote: > Since RFC 5617 says that discardable domains should not send mail to > lists, nobody who can read should be affected by that. But that means DKIM/ADSP gets deployed so rarely at the sender side, that it could just as well not exist. And that still leaves th

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-24 Thread John R. Levine
>>> All of this emphasis on complex designs for MLMs strikes me as a waste >>> of time, since it's a tiny corner of the mail space that has not >>> historically been a vector for abuse, and shows no sign of becoming one. > > It may be tiny, but users will not tolerate the total destruction of > mai

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-09-24 Thread Michael Deutschmann
> On 23/Sep/10 21:16, John R. Levine wrote: > > All of this emphasis on complex designs for MLMs strikes me as a waste > > of time, since it's a tiny corner of the mail space that has not > > historically been a vector for abuse, and shows no sign of becoming one. It may be tiny, but users will no

[ietf-dkim] Corner cases and loose ends, was draft-vesely-dkim-joint-sigs

2010-09-24 Thread Alessandro Vesely
On 23/Sep/10 21:16, John R. Levine wrote: > All of this emphasis on complex designs for MLMs strikes me as a waste > of time, since it's a tiny corner of the mail space that has not > historically been a vector for abuse, and shows no sign of becoming one. > > That's why my advice is that lists sho