[ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Hector Santos wrote: > IMV, ADSP is only broken in that it didn't allow you to declare you > were allowing mipassoc.org to sign for you or in general > >"My Mail Is Always Signed - by me or someone else." > By the way Alessandro, you could explore ADSP/ATPS support from your record.

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> Hector stated: >> I think this message by Barry in March 2009 summarizing a conference >> call between Pasi, Stephen and Barry nicely captures the upper/lower >> layers, ADSP, i= and outputs conflicts that continue today: >> >> http://mipassoc.org/pipermail/ietf-d

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 4/30/2011 9:10 PM, Hector Santos wrote: > So perhaps to help shut down this ambiguity we should add a DKIM > terminology to clearly separate it from AUID. > > 3.x Originating Domain Identity (ODID) > > The ODID is the domain part of the From: address. This identity > MAY be consi

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Hector Santos [mailto:hsan...@isdg.net] > Sent: Saturday, April 30, 2011 9:10 PM > To: Murray S. Kucherawy > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain > Identity" &

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> -Original Message- >> But what it did most of for me (yesterday) was highlight the confusion >> with AUID with the lack of an official DKIM label for an Originating >> Domain Identity. I guess I was moving forward the past year with >> integrating DKIM into o

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave CROCKER wrote: > In other words, DKIM has nothing to do with the rfc5321.From field, and > therefore it is entirely inappropriate -- that is, out of scope -- for > the specification to suggest dealing with it. > > At least, please show working group rough consensus support for doing > wha

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave CROCKER wrote: > > On 4/30/2011 9:10 PM, Hector Santos wrote: >> So perhaps to help shut down this ambiguity we should add a DKIM >> terminology to clearly separate it from AUID. >> >> 3.x Originating Domain Identity (ODID) >> >> The ODID is the domain part of the From: address. Thi

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Michael Thomas wrote: > Dave CROCKER wrote: >> >> On 4/30/2011 9:10 PM, Hector Santos wrote: >>> So perhaps to help shut down this ambiguity we should add a DKIM >>> terminology to clearly separate it from AUID. >>> >>> 3.x Originating Domain Identity (ODID) >>> >>> The ODID is the domain

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Hector Santos wrote: > Murray S. Kucherawy wrote: > >>> Hector stated: >>> I think this message by Barry in March 2009 summarizing a conference >>> call between Pasi, Stephen and Barry nicely captures the upper/lower >>> layers, ADSP, i= and outputs conflicts that continue today: >>> >>> http:

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 4/30/11 10:37 PM, Murray S. Kucherawy wrote: > > -Original Message- From: Hector Santos > > [mailto:hsan...@isdg.net] Sent: Saturday, April 30, 2011 9:10 PM > > To: Murray S. Kucherawy Cc: ietf-dkim@mipassoc.org Subject: Re: > > [ietf-dkim] Output summary - pro

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Hector Santos > Sent: Sunday, May 01, 2011 4:51 PM > To: Michael Thomas > Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Outpu

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Hector Santos [mailto:hsan...@isdg.net] > Sent: Sunday, May 01, 2011 5:33 PM > To: Murray S. Kucherawy > Cc: Murray S. Kucherawy; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> -Original Message- >> Its just really odd that the we need to hide the facts in RFC4871bis >> but not in RFC5585 (DKIM Architecture) and RFC5863 (DKIM Deployment >> Guideline)? > > I've lost track of how many times and how many different ways > it's been exp

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> -Original Message- >> >> Here is the correct message link: >> >> Status and direction >> http://mipassoc.org/pipermail/ietf-dkim/2009q1/011194.html > > That message (a) was sent six months before ADSP was published, > and (b) was written at a time whe

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/1/2011 6:36 PM, Murray S. Kucherawy wrote: > I've lost track of how many times and how many different ways it's been > explained that nothing is being hidden. I'm going to give up now. +1 d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net __

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave CROCKER wrote: > On 5/1/2011 6:36 PM, Murray S. Kucherawy wrote: >> I've lost track of how many times and how many different ways it's been >> explained that nothing is being hidden. > > > +1 Good. So there should not be a problem *not* hiding an explicit identity definition required to

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On Sun, 01 May 2011 05:10:06 +0100, Hector Santos wrote: > So perhaps to help shut down this ambiguity we should add a DKIM > terminology to clearly separate it from AUID. > >3.x Originating Domain Identity (ODID) > >The ODID is the domain part of the From: address. This identity >M

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 01.05.2011 10:38, Hector Santos wrote: > Again, its about protocol consistency. So maybe I should ask the > chairs for: > > "Consensus needs to be reevaluated" IMHO, it needs not: It is premature to define an ODID now. ADSP is considered somewhat broken, and for this message, for

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On Mon, May 2, 2011 at 11:27 AM, Charles Lindsey wrote: > On Sun, 01 May 2011 05:10:06 +0100, Hector Santos wrote: > >> So perhaps to help shut down this ambiguity we should add a DKIM >> terminology to clearly separate it from AUID. >> >>    3.x  Originating Domain Identity (ODID) >> >>    The O

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Alessandro Vesely wrote: > On 01.05.2011 10:38, Hector Santos wrote: >> Again, its about protocol consistency. So maybe I should ask the >> chairs for: >> >> "Consensus needs to be reevaluated" > > IMHO, it needs not: It is premature to define an ODID now. ADSP is > considered somewh

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/1/11 6:55 AM, Dave CROCKER wrote: [...] > In other words, DKIM has nothing to do with the rfc5321.From field, and > therefore it is entirely inappropriate -- that is, out of scope -- for the > specification to suggest dealing with it. You mean 5322.From? And how should we read par. 3.2.2 of

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Rolf E. Sonneveld > Sent: Monday, May 02, 2011 1:14 PM > To: dcroc...@bbiw.net > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output sum

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> Although 5322.From is not mentioned here, how can DKIM provide any level >> of defense against fraudulent use of origin addresses, if d= is the one >> and only mandatory output of the verification process? > > Why does the output of DKIM need to include something whe

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: > It could stand some revision, I suspect. > > Nevertheless, the overall threat model doesn't require that > DKIM itself, i.e. the protocol being defined, also be the > thing that evaluates origin addresses for validity or value. > It's certainly legitimate to leave

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Rolf E. Sonneveld wrote: > On 5/1/11 6:55 AM, Dave CROCKER wrote: > > [...] > >> In other words, DKIM has nothing to do with the rfc5321.From field, and >> therefore it is entirely inappropriate -- that is, out of scope -- for >> the >> specification to suggest dealing with it. > > You mean 53

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

etf-dkim@mipassoc.org >> Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >>> In other words, DKIM has nothing to do with the rfc5321.From field, and >>> therefore it is entirely inappropriate -- that is, out

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Rolf E. Sonneveld [mailto:r.e.sonnev...@sonnection.nl] > Sent: Tuesday, May 03, 2011 3:56 PM > To: Murray S. Kucherawy > Cc: IETF DKIM WG > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain > Identity"

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/3/11 4:25 PM, Murray S. Kucherawy wrote: >>> Why does the output of DKIM need to include something when the >>> consumer of that output already has that information? >> Because a consumer should/must not have to re-do the work of the DKIM >> verifier. Or put it differently: a consumer is just

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/3/11 4:25 PM, Murray S. Kucherawy wrote: > I might even go so far as to say returning that From: field is dangerous > since it is not confirmed by anything, so DKIM (which is an authentication > protocol) returning data that can't be validated, even if it was signed, is > quite possibly ask

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/11 1:25 AM, Murray S. Kucherawy wrote: -Original Message- From: Rolf E. Sonneveld [mailto:r.e.sonnev...@sonnection.nl] Sent: Tuesday, May 03, 2011 3:56 PM To: Murray S. Kucherawy Cc: IETF DKIM WG Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating D

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Rolf E. Sonneveld wrote: > On 5/4/11 1:25 AM, Murray S. Kucherawy wrote: >> The assertion you're making is that the consumer of an API shouldn't >> need to maintain any context; the API will give you back all the bits >> of context you need to continue as well as the answer you need. >> >> .. >>

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> For a scenario where a caller is calling a DKIM milter which in turn calls an > API, this is all true. But DKIM will be/is deployed in many more scenarios. Indeed, but you're misunderstanding the point of a standard. The DKIM spec tells signers how to create a signature that recipients can ve

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 1:23 AM, Rolf E. Sonneveld wrote: > But then DKIM is only authenticating the d= and we should no longer position > DKIM as being 'effective in defending against the fraudulent use of origin > addresses'. Besides your rather unusual sense of software architecture, your above stateme

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

John R. Levine wrote: >> For a scenario where a caller is calling a DKIM milter which >> in turn calls an API, this is all true. But DKIM will be/is >> deployed in many more scenarios. > > Indeed, but you're misunderstanding the point of a standard. The DKIM > spec tells signers how to create

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/11 3:29 PM, Dave CROCKER wrote: > > > On 5/4/2011 1:23 AM, Rolf E. Sonneveld wrote: >> But then DKIM is only authenticating the d= and we should no longer >> position >> DKIM as being 'effective in defending against the fraudulent use of >> origin >> addresses'. > > > Besides your rather u

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 7:04 AM, Rolf E. Sonneveld wrote: >> Which documentation makes your above claims? > > Both documents refer to rfc4686, albeit only in the Informative References > section. rfc4871 refers to rfc4686 only in section 8, rfc4871bis in section 8 > as > well as in section 1.1. > > Please pr

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave CROCKER wrote: > On 5/4/2011 7:04 AM, Rolf E. Sonneveld wrote: >>> Which documentation makes your above claims? >> Both documents refer to rfc4686, albeit only in the Informative >> References section. rfc4871 refers to rfc4686 only in section >> 8, rfc4871bis in section 8 as well as in sec

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 07:08 AM, Dave CROCKER wrote: > The claim that rfc4871bis has the goal you claim is yours. > > So you need to do the work of subtantiating it. > > So far, as you acknowledge, your only reference is quite old, merely > informative, and not a specification. In contrast, rfc4871bis decl

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Douglas Otis wrote: > On 5/3/11 4:25 PM, Murray S. Kucherawy wrote: >> I might even go so far as to say returning that From: field is >> dangerous since it is not confirmed by anything, so DKIM (which >> is an authentication protocol) returning data that can't be >> validated, even if it was sig

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Michael, On 5/4/2011 7:58 AM, Michael Thomas wrote: > This is a good example of why this effort has come off the rails. > Going from 4871 to DS should have been a fairly straightforward > effort considering the high degree of interoperability we achieved. > Instead of just removing a few unused f

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Michael Thomas > Sent: Wednesday, May 04, 2011 7:59 AM > To: dcroc...@bbiw.net > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output sum

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 08:16 AM, Dave CROCKER wrote: > Michael, > > > On 5/4/2011 7:58 AM, Michael Thomas wrote: >> This is a good example of why this effort has come off the rails. >> Going from 4871 to DS should have been a fairly straightforward >> effort considering the high degree of interoperability w

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Rolf E. Sonneveld > Sent: Wednesday, May 04, 2011 7:04 AM > To: dcroc...@bbiw.net > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output sum

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 08:51 AM, Murray S. Kucherawy wrote: >> Both documents refer to rfc4686, albeit only in the Informative >> References section. rfc4871 refers to rfc4686 only in section 8, >> rfc4871bis in section 8 as well as in section 1.1. >> > There are two main fallacies that appear to be b

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 8:18 AM, Murray S. Kucherawy wrote: > Has anyone other than me bothered to generate and review the complete diff? I've uploaded Murray's helpful effort to the DKIM site: I had assumed that the complete diff would be unreadable,

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 9:03 AM > To: Murray S. Kucherawy > Cc: Rolf E. Sonneveld; dcroc...@bbiw.net; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Origina

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave CROCKER wrote: > Michael, > On 5/4/2011 7:58 AM, Michael Thomas wrote: >> This is a good example of why this effort has come off the rails. >> Going from 4871 to DS should have been a fairly straightforward >> effort considering the high degree of interoperability we achieved. >> Instead of ju

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Folks, > I've uploaded Murray's helpful effort to the DKIM site: > > apologies. my html editor got sticky. i guess it really liked the earlier diff. The full diff that I meant to point to is:

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >> My sense is that what Rolf is asking at its base is that the there is >> a conflict between the two documents and it's not clear why they >> exist, and

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Hector Santos > Sent: Wednesday, May 04, 2011 9:17 AM > To: dcroc...@bbiw.net > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output sum

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 09:14 AM, Dave CROCKER wrote: > I've uploaded Murray's helpful effort to the DKIM site: > > > > I had assumed that the complete diff would be unreadable, which is why I > originally put up the incremental diffs. > > However in loo

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Michael Thomas > Sent: Wednesday, May 04, 2011 10:11 AM > To: dcroc...@bbiw.net > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output sum

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

>> Cc: ietf-dkim@mipassoc.org >> Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >> 44 pages of diffs. >> > Updating an RFC number causes a diff. That's not a valid metric. > These aren&#x

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 10:21 AM > To: Murray S. Kucherawy > Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 10:25 AM, Murray S. Kucherawy wrote: > I count at least two new normative changes -- in informational notes > of all places -- by scanning *half* the document, both of which are wrong. > What were the two normative changes in informational notes that were wrong in

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> Has anyone other than me bothered to generate and review the complete diff? I have. The changes to the parts that actually describe how to create a signature are tiny, and well contained, e.g. updating the punycode definition, making sha-1 more deprecated, clarifying that unknown options and

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 10:29 AM > To: Murray S. Kucherawy > Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 9:15 AM, Murray S. Kucherawy wrote: > My read is that Rolf is objecting to RFC4871bis on the grounds that it > conflicts with RFC4686. (He can and should correct me if I'm wrong.) > > If his concerns would be satisfied by a change (perhaps an appendix?) that > simply acknowledges so

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

ject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >> It's because I didn't want to imply that those were the only two. It's just >> what I found in my quick scan. But they were the advise about ignoring >> signa

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> Its absolutely amazing how the main points are just blow away. Wow! > > Can we remain professional, please? This flare for the dramatic > only drags the group down further into the mire (as if that's possible). My apology but please view that take like "I'm giving

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 10:54 AM > To: Murray S. Kucherawy > Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

ject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >> >>> The advice that a verifier can ignore the "l=" tag was in RFC4871, so >>> copying it to RFC4871bis doesn't seem like a problem to me. >>

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave, Sure, you can add an new appendix to justify the inconsistencies but it still doesn't resolve the issue of not exposing the in-scope parameters to satisfy the DKIM Service Architecture and all receiver needs related to DKIM. The mandate to impose a certain behavior is unrealistic and doe

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 9:47 AM, Michael Thomas wrote: > The set of people paying attention now are extremely few, and many of them > have self-interest in revisiting and/or changing the previous consensus -- > taking advantage of the much smaller set of participants. Creative premise. Your assertion is tha

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

>> Cc: ietf-dkim@mipassoc.org >> Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >> 44 pages of diffs. > > Updating an RFC number causes a diff. That's not a valid metric. Since the diff is a side-by-side, i

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Hector Santos wrote: > >> Murray wrote: >> This is completely appropriate in another way: The SDID from a valid >> signature is the only thing that DKIM "proves". > > Ok, very good. It tells you the payoff value for SDID and its ok, to say > its a mandatory identity receivers to look at. but it

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 10:54 AM > To: Murray S. Kucherawy > Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Hector Santos > Sent: Wednesday, May 04, 2011 11:31 AM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Origina

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Dave CROCKER wrote: > On 5/4/2011 9:47 AM, Michael Thomas wrote: >> The set of people paying attention now are extremely few, and many of them >> have self-interest in revisiting and/or changing the previous consensus -- >> taking advantage of the much smaller set of participants. > > Creative pre

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

ject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >>> The advice that a verifier can ignore the "l=" tag was in RFC4871, so >>> copying it to RFC4871bis doesn't seem like a problem to me. >> >> You ca

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Missing citations for the quotes below: [1] http://www.messagesystems.com/wordpress/?p=65 [2] http://www.messagesystems.com/wordpress/?p=69 Hector Santos wrote: > Dave CROCKER wrote: >> Given the continuing, intense attention to DKIM that is taking place at a >> variety of vendues, such as MAAWG

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Dave CROCKER [mailto:d...@dcrocker.net] > Sent: Wednesday, May 04, 2011 11:54 AM > To: Murray S. Kucherawy > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain > Identity" &g

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> Hector wrote: >> >> Now if we wish to be really truly DKIM complete: >> >> The AUID MAY be passed to Trust Assessors as well. >> >> The ODID MAY be used in advanced identity assessors such as >> Checking Signing Practices [RFC4686, RFC5595, RFC5016, RFC561

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 11:53 AM, Dave CROCKER wrote: >> Considerations Section 8. To avoid this attack, signers should >> be extremely wary of using this tag, and verifiers might wish >> to ignore the tag. >> > To avoid this attack, signers need to be extremely wary of u

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 12:08 PM > To: dcroc...@bbiw.net > Cc: Dave CROCKER; Murray S. Kucherawy; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Origina

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 12:08 PM, Murray S. Kucherawy wrote: >> Verifiers must not ignore them, assessors on the other hand may. > > Either could. It's an implementation choice. > > If the verifier wants to enable the assessor to make the call, it's free to > export "l=" information. Verifiers declare a s

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >> Identity" >> >> Verifiers must not ignore them, assessors on the other hand may. >> > Either could. It's an implementation choice. > > If the verifier wants to ena

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 11:26 AM, Dave CROCKER wrote: >> It's because I didn't want to imply that those were the only two. > > This is quite a remarkable premise for refusing to provide concrete > substance. > > I'm trying to imagine how a working group could ever make progress, > were this premise prevale

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

gt;> To: Murray S. Kucherawy > >> Cc: dcroc...@bbiw.net; ietf-dkim@mipassoc.org > >> Subject: Re: [ietf-dkim] Output summary - proposing ODID > "Originating Domain Identity" > >> > >>> The advice that a verifier can ignore the "l=" tag w

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Michael Thomas [mailto:m...@mtcc.com] > Sent: Wednesday, May 04, 2011 12:13 PM > To: Murray S. Kucherawy > Cc: dcroc...@bbiw.net; Dave CROCKER; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Origina

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> I agree that it's an implementation issue. All of this is. But choosing >> a single "output" formally makes that a no-no for the assessor, which >> is a silly outcome. And it's but one silly outcome. What of the h= values? >> How does an assessor know which ones were

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> -Original Message- > From: Hector Santos [mailto:hsan...@isdg.net] > Sent: Wednesday, May 04, 2011 1:49 PM > To: Murray S. Kucherawy > Cc: Michael Thomas; ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain >

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

rawy wrote: >> -Original Message- >> From: Hector Santos [mailto:hsan...@isdg.net] >> Sent: Wednesday, May 04, 2011 1:49 PM >> To: Murray S. Kucherawy >> Cc: Michael Thomas; ietf-dkim@mipassoc.org >> Subject: Re: [ietf-dkim] Output summary - proposing ODID "

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 01:57 PM, Murray S. Kucherawy wrote: > And who gets to define "appropriate"? > > It's already been pointed out that we could list every current tag's value > and a pile of other stuff to pass on to the next layer, which may or may not > find it useful, but that would make for an ext

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 12:24 PM, Michael Thomas wrote: > On 05/04/2011 11:26 AM, Dave CROCKER wrote: >>> It's because I didn't want to imply that those were the only two. >> >> This is quite a remarkable premise for refusing to provide concrete >> substance. >> >> I'm trying to imagine how a working group c

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 02:11 PM, Michael Thomas wrote: > On 05/04/2011 01:57 PM, Murray S. Kucherawy wrote: > >> And who gets to define "appropriate"? >> >> It's already been pointed out that we could list every current tag's value >> and a pile of other stuff to pass on to the next layer, which may or

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

Murray S. Kucherawy wrote: >> Hector Wrote: >> But its not clear on the other outputs appropriate for the receiver to >> consider. > > And who gets to define "appropriate"? Well, who gets to define "Output Requirements?" I will suggest it is both appropriate and required per RFC5585, RFC4686,

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 2:29 PM, Michael Thomas wrote: > I should also expand that this entire situation started with Crocker > insisting that we must "choose" between between i= and d= > as The Output. It was a false dilemma then, and it remains > a false dilemma. And as with all false dilemmas it only caus

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 02:32 PM, Dave CROCKER wrote: > > On 5/4/2011 2:29 PM, Michael Thomas wrote: > >> I should also expand that this entire situation started with Crocker >> insisting that we must "choose" between between i= and d= >> as The Output. It was a false dilemma then, and it remains >> a fa

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 2:47 PM, Michael Thomas wrote: > On 05/04/2011 02:32 PM, Dave CROCKER wrote: >> >> On 5/4/2011 2:29 PM, Michael Thomas wrote: >>> I should also expand that this entire situation started with Crocker ... >> Right. It was all me. Another ad hominem. Nice. > > History is a personal attac

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/11 11:32 PM, Dave CROCKER wrote: > > On 5/4/2011 2:29 PM, Michael Thomas wrote: >> I should also expand that this entire situation started with Crocker >> insisting that we must "choose" between between i= and d= >> as The Output. It was a false dilemma then, and it remains >> a false dilemm

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 02:53 PM, Dave CROCKER wrote: > > > On 5/4/2011 2:47 PM, Michael Thomas wrote: >> On 05/04/2011 02:32 PM, Dave CROCKER wrote: >>> >>> On 5/4/2011 2:29 PM, Michael Thomas wrote: I should also expand that this entire situation started with Crocker > ... >>> Right. It was all me. An

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/11 7:48 PM, Dave CROCKER wrote: On 5/4/2011 9:15 AM, Murray S. Kucherawy wrote: My read is that Rolf is objecting to RFC4871bis on the grounds that it conflicts with RFC4686. (He can and should correct me if I'm wrong.) If his concerns would be satisfied by a change (perhaps an append

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

> I think in the early days of DKIM most people assumed DKIM would become a > protocol where: > * the body hash and header hash, using various header fields, certifies the > DKIM signature and > * the DKIM signature certifies the body and header fields, that had been used > to create the DKIM si

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 03:55 PM, Rolf E. Sonneveld wrote: > > Well, I think you both are right in reading what my concern/objection > against 4871bis is. And maybe you're also right in that RFC4871 wasn't > that much different of RFC4871bis. > > I think in the early days of DKIM most people assumed DKIM w

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 3:04 PM, Michael Thomas wrote: On 5/4/2011 2:29 PM, Michael Thomas wrote: > I should also expand that this entire situation started with Crocker >> ... Right. It was all me. Another ad hominem. Nice. ... >> As usual, wikipedia is a reasonable reference: >> >>

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 05/04/2011 04:40 PM, Dave CROCKER wrote: [] I'll do Barry the favor of stopping this inane conversation, much as it amuses me. Mike ___ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/4/2011 4:54 PM, Michael Thomas wrote: > On 05/04/2011 04:40 PM, Dave CROCKER wrote: > I'll do Barry the favor of stopping this inane conversation, much > as it amuses me. Michael, You've made a number of serious claims that you have yet to substantiate, including a personal one that othe

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/5/11 1:07 AM, Murray S. Kucherawy wrote: >> I think in the early days of DKIM most people assumed DKIM would become a >> protocol where: >> * the body hash and header hash, using various header fields, certifies the >> DKIM signature and >> * the DKIM signature certifies the body and header

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

On 5/5/11 1:36 AM, Michael Thomas wrote: > On 05/04/2011 03:55 PM, Rolf E. Sonneveld wrote: >> >> Well, I think you both are right in reading what my concern/objection >> against 4871bis is. And maybe you're also right in that RFC4871 >> wasn't that much different of RFC4871bis. >> >> I think in

  1   2   >