Friends,
Let it never be said that I am inflexible and can't change my mind
from good arguments.
After a restless night thinking about this, I am going to change my
thoughts just slightly.
All email that has a munged sig or no sig that comes from an I sign
all domain should be expected not to
Again - this raises no new technical issue. So, let's please
wait and work on reqs-00's text,
Stephen.
Damon wrote:
Friends,
Let it never be said that I am inflexible and can't change my mind
from good arguments.
After a restless night thinking about this, I am going to change my
thoughts
S..
How's the weather?
Nice and HOT here in Atlanta :)
Damon
On 8/8/06, Stephen Farrell [EMAIL PROTECTED] wrote:
Again - this raises no new technical issue. So, let's please
wait and work on reqs-00's text,
Stephen.
Damon wrote:
Friends,
Let it never be said that I am
Since someone who doesn't sign anything wouldn't publish any keys, how
could this possibly be useful? Where would these rogue signatures
come from, and how is a recipient going to verify a signature that has
no key record?
This was put in because I was reading threads where they wanted to
On 8/8/06, Damon [EMAIL PROTECTED] wrote:
Since someone who doesn't sign anything wouldn't publish any keys, how
could this possibly be useful? Where would these rogue signatures
come from, and how is a recipient going to verify a signature that has
no key record?
This was put in
This strikes me as more repetition. Please justify why its
not and/or recast it specifically addressing our requirements
draft.
We need to move beyond everyone's favorite idea of what's a
good idea and onto something that garners wider support.
Stephen.
Damon wrote:
On 8/8/06, Damon [EMAIL
Santos [EMAIL PROTECTED] wrote:
- Original Message -
From: Dave Crocker [EMAIL PROTECTED]
To: ietf-dkim@mipassoc.org
Sent: Sunday, August 06, 2006 5:37 PM
Subject: Re: [ietf-dkim] I sign everything is not a useful policy
Rather than cross over the line into that bit of architecturally
On Sat, 5 Aug 2006 20:48:05 -0400 [EMAIL PROTECTED] wrote:
An invalid signature is not unsigned, but we are not discussing that
policy point yet :-)
OK. If you have a useful distinction that can be made without creating a
trivially exploitable trivial hole, I think that now, when requirements
If I choose to deliver unsigned mail that purports to be from a domain that
says
it signs everything, but I mark it up with flashing lights that say spoofed
do
you want that to be a protocol violation? What about my choosing to send it to
my sysadmin for special handling for spoofed mail?
- Original Message -
From: Mark Delany [EMAIL PROTECTED]
To: ietf-dkim@mipassoc.org
Sent: Sunday, August 06, 2006 8:38 AM
Subject: Re: [ietf-dkim] I sign everything is not a useful policy
DKIM+SSP is defining damaged.
+1
SSP does not attempt to evaluate the reputation of the sender
Scott Kitterman wrote:
On Sat, 05 Aug 2006 19:21:59 -0700 Dave Crocker [EMAIL PROTECTED] wrote:
A signer should not direct the evaluator what is to be done with that
information.
Is anyone arguing that they should? Setting expectations does not equal
direction.
Yes, a
On Aug 6, 2006, at 8:26 AM, Michael Thomas wrote:
Scott Kitterman wrote:
On Sat, 05 Aug 2006 19:21:59 -0700 Dave Crocker [EMAIL PROTECTED]
wrote:
A signer should not direct the evaluator what is to be done with
that information.
Is anyone arguing that they should? Setting
Arvel: I'm pretty sure that Altn.com signs all of its mail. If that's
the case, then why are you publishing this SSP record:
_policy._domainkey.altn.com text o=~; [EMAIL PROTECTED]
I suspect we could probably change that now.
My postmaster had asked for a relaxed policy during the past year
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Crocker
Sent: Sunday, August 06, 2006 5:38 PM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] I sign everything is not a useful policy
Mark Delany wrote:
If I choose to deliver unsigned mail that purports to be from a
domain that says
PROTECTED]
Sent: Sunday, August 06, 2006 7:26 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: ietf-dkim@mipassoc.org
Subject: RE: [ietf-dkim] I sign everything is not a useful policy
On Sun, 6 Aug 2006 [EMAIL PROTECTED] wrote:
Why not take an AIN approach? An SSP query to determine how to route
On Sun, 6 Aug 2006 [EMAIL PROTECTED] wrote:
Why not take an AIN approach? An SSP query to determine how to route the
message, with additional signatures, without and directly?
AIN?
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
___
NOTE WELL:
- Original Message -
From: Dave Crocker [EMAIL PROTECTED]
To: ietf-dkim@mipassoc.org
Sent: Sunday, August 06, 2006 5:37 PM
Subject: Re: [ietf-dkim] I sign everything is not a useful policy
Rather than cross over the line into that bit of architecturally
experimental specification, why
I sign all: Your users and my business may be harmed by accepting
unverified mail claiming to originate from my domain. It is in our
mutual interest for you to not deliver such mail to your users.
I am an adult of voting age and accept the possibility that
deliverability of my traffic may
I sign all: Your users and my business may be harmed by accepting
unverified mail claiming to originate from my domain. It is in our
mutual interest for you to not deliver such mail to your users.
I am an adult of voting age and accept the possibility that
deliverability of my traffic may reduce
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Levine
Sent: Saturday, August 05, 2006 1:41 PM
To: ietf-dkim@mipassoc.org
Cc: [EMAIL PROTECTED]
Subject: Re: [ietf-dkim] I sign everything is not a useful policy
I sign all: Your users and my business may be harmed
On Sat, Aug 05, 2006 at 04:57:23PM -0700, Dave Crocker allegedly wrote:
John L wrote:
Your assertion in the subject is an opinion. I find the statement below
to be useful.
I think we have a subtle point here.
I sign everything so please discard unsigned mail apparently from me
Mark Delany wrote:
On Sat, Aug 05, 2006 at 06:06:59PM -0700, Dave Crocker allegedly wrote:
Seriously. SSP can be entirely useful when stated in terms of the sender's
perspective. It does not need to pretend that is knows enough to give
directions to an evaluator.
Sorry for being
://www.santronics.com
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; ietf-dkim@mipassoc.org
Sent: Sunday, August 06, 2006 12:23 AM
Subject: RE: [ietf-dkim] I sign everything is not a useful policy
Hector,
The engineering part is easy, what is extremely
What seems abundantly clear is that the unqualified policy I sign
everthing
is not useful as is, and is most likely harmful due to differences in
the way
that people interpret what that statement means.
I invite people for the requirements to make *precise* statements of the
fully qualified
On 8/4/06, Michael Thomas [EMAIL PROTECTED] wrote:
What seems abundantly clear is that the unqualified policy I sign
everthing
is not useful as is, and is most likely harmful due to differences in
the way
that people interpret what that statement means.
I invite people for the requirements to
Software, Inc.
http://www.santronics.com
- Original Message -
From: Michael Thomas [EMAIL PROTECTED]
To: IETF DKIM pre-WG ietf-dkim@mipassoc.org
Sent: Friday, August 04, 2006 5:58 PM
Subject: [ietf-dkim] I sign everything is not a useful policy
What seems abundantly clear
-dkim] I sign everything is not a useful policy
On Fri, Aug 04, 2006 at 02:58:30PM -0700, Michael Thomas allegedly
wrote:
I invite people for the requirements to make *precise* statements of
the
fully qualified meaning in their heads about I sign everything, and
preferably in a sentence or less
27 matches
Mail list logo