@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should strip DKIM signatures
Perhaps poorly chosen words. But I think most understood the intent.
I'm willing to go from a world where any system can use my From to one
where only the systems I say can. And that means
On 30/Apr/10 20:22, John Levine wrote:
Is there some long-standing toxic effect of mailing lists other than
that they don't fit the simple identity models used by recently
devised authentication schemes?
The opt-in mechanism, I'd say. There's no standardized way for
subscribers' servers to
On 5/1/10 7:56 AM, Alessandro Vesely wrote:
On 30/Apr/10 20:22, John Levine wrote:
Is there some long-standing toxic effect of mailing lists other than
that they don't fit the simple identity models used by recently
devised authentication schemes?
The opt-in mechanism, I'd say.
--On 28 April 2010 11:02:53 -0400 MH Michael Hammer (5304)
mham...@ag.com wrote:
A few thoughts to fuel the discussion:
1) It may be that the BCP document would appropriately have a section
for end users of mail lists. One possible recommendation is that for
domains which have strong
--On 28 April 2010 08:23:52 -0700 Dave CROCKER d...@dcrocker.net wrote:
On 4/28/2010 8:02 AM, MH Michael Hammer (5304) wrote:
A few thoughts to fuel the discussion:
1) It may be that the BCP document would appropriately have a section
for end users of mail lists. One possible
Could you explain what you mean by forge and legitimate? You
appear to be saying that mailing lists are doing something sleazy and
illegitimate by doing what they've done for the past 40 years, which
seems implausible.
That is exactly what I'm saying.
http://en.wikipedia.org/wiki/Asbestos
On Fri, Apr 30, 2010 at 7:48 AM, John R. Levine jo...@iecc.com wrote:
Could you explain what you mean by forge and legitimate? You
appear to be saying that mailing lists are doing something sleazy and
illegitimate by doing what they've done for the past 40 years, which
seems implausible.
On 4/29/2010 2:04 PM, Jeff Macdonald wrote:
On Wed, Apr 28, 2010 at 11:23 AM, Dave CROCKERd...@dcrocker.net wrote:
I think you are raising the (much) larger question of constraining the
nature of
changes made by MLMs. Since they [sic] are actually posting an entirely new
message,
and
On 4/30/2010 3:16 AM, Ian Eiloart wrote:
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be maintained intact then the list should bounce the
message.
What is the particular
--On 30 April 2010 06:00:50 -0700 Dave CROCKER d...@dcrocker.net wrote:
On 4/30/2010 3:16 AM, Ian Eiloart wrote:
2) One possible recommendation to list managers is that if a message
to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be maintained
On Fri, Apr 30, 2010 at 8:56 AM, Dave CROCKER d...@dcrocker.net wrote:
I wrote:
and forging the From address
It's not forged:
to imitate fraudulently
http://dictionary.reference.com/browse/forge
The use of that word, for this situation, is simply incorrect.
And the retention of the
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Jeff Macdonald
Sent: Friday, April 30, 2010 8:32 AM
To: dcroc...@bbiw.net
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
On 04/30/2010 08:32 AM, Jeff Macdonald wrote:
Perhaps poorly chosen words. But I think most understood the intent.
I'm willing to go from a world where any system can use my From to one
where only the systems I say can. And that means changes.
Really? The sender has to opt in? That sounds like
On 4/30/2010 8:32 AM, Jeff Macdonald wrote:
On Fri, Apr 30, 2010 at 8:56 AM, Dave CROCKERd...@dcrocker.net wrote:
I wrote:
and forging the From address
It's not forged:
...
The use of that word, for this situation, is simply incorrect.
...
Perhaps poorly chosen words. But I think most
On Fri, Apr 30, 2010 at 12:15 PM, Dave CROCKER d...@dcrocker.net wrote:
On 4/30/2010 8:32 AM, Jeff Macdonald wrote:
On Fri, Apr 30, 2010 at 8:56 AM, Dave CROCKERd...@dcrocker.net wrote:
I wrote:
and forging the From address
It's not forged:
...
The use of that word, for this
mailing lists
should
strip DKIM signatures
On 4/30/2010 8:32 AM, Jeff Macdonald wrote:
On Fri, Apr 30, 2010 at 8:56 AM, Dave CROCKERd...@dcrocker.net
wrote:
I wrote:
and forging the From address
It's not forged:
...
The use of that word, for this situation, is simply incorrect
On 4/30/2010 9:44 AM, MH Michael Hammer (5304) wrote:
I seem to remember this discussion in the distant past and there overall
people seemed to have less difficulty with the use of the term spoof
or spoofing instead of forge or forging. If not this term then it
would be appropriate to come
On 30/Apr/10 12:13, Ian Eiloart wrote:
--On 28 April 2010 11:02:53 -0400 MH Michael Hammer (5304)
mham...@ag.com wrote:
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be maintained
On 4/30/10 8:48 AM, Michael Thomas wrote:
On 04/30/2010 08:32 AM, Jeff Macdonald wrote:
Perhaps poorly chosen words. But I think most understood the intent.
I'm willing to go from a world where any system can use my From to one
where only the systems I say can. And that means changes.
I know this isn't a popular opinion. Just because something has been
done someway for 40 years doesn't make it right. Thus my link to
asbestos.
Asbestos was always toxic to humans, but for whatever reason it took a
long time to identify the problem.
Is there some long-standing toxic effect of
On Apr 30, 2010, at 1:38 PM, Alessandro Vesely wrote:
On 30/Apr/10 12:13, Ian Eiloart wrote:
--On 28 April 2010 11:02:53 -0400 MH Michael Hammer (5304)
mham...@ag.com wrote:
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP
On Apr 30, 2010, at 12:28 PM, Jeff Macdonald wrote:
I'm willing to go from a world where any system can use my From to one
where only the systems I say can. And that means changes.
That's an example of the problem in using the term: Much discussion about
DKIM presume far more end-to-end
On Apr 28, 2010, at 5:02 AM, MH Michael Hammer (5304)
mham...@ag.com wrote:
A few thoughts to fuel the discussion:
2) One possible recommendation to list managers is that if a message
to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be
On Wed, Apr 28, 2010 at 11:23 AM, Dave CROCKER d...@dcrocker.net wrote:
I think you are raising the (much) larger question of constraining the nature
of
changes made by MLMs. Since they [sic] are actually posting an entirely new
message,
and forging the From address
they have the
changes made by MLMs. Since they [sic] are actually posting an
entirely new message,
and forging the From address
they have the legitimate freedom to do what they want to it.
is it really legitimate in today's world?
Could you explain what you mean by forge and legitimate? You
appear to be
On Thu, Apr 29, 2010 at 8:56 PM, John Levine jo...@iecc.com wrote:
changes made by MLMs. Since they [sic] are actually posting an
entirely new message,
and forging the From address
they have the legitimate freedom to do what they want to it.
is it really legitimate in today's world?
Could
--On 27 April 2010 13:29:25 -0600 McDowell, Brett bmcdow...@paypal.com
wrote:
Are there MLM vendors or service providers on this list who feel they
know enough about this use case at this point to have a firm position
either for or against standardizing this functionality?
I'm neither,
--On 27 April 2010 12:11:02 -0700 Dave CROCKER d...@dcrocker.net wrote:
I think the confusion is the difference between hearing individual
examples, versus extrapolating them to the larger community. Yahoo and
Google are important and useful. But they are not representative.
Right,
A few thoughts to fuel the discussion:
1) It may be that the BCP document would appropriately have a section
for end users of mail lists. One possible recommendation is that for
domains which have strong security concerns, they may want to have a
policy against posting to lists using the domain
On 4/28/2010 8:02 AM, MH Michael Hammer (5304) wrote:
A few thoughts to fuel the discussion:
1) It may be that the BCP document would appropriately have a section
for end users of mail lists. One possible recommendation is that for
domains which have strong security concerns, they may want
-Original Message-
From: Dave CROCKER [mailto:d...@dcrocker.net]
Sent: Wednesday, April 28, 2010 11:24 AM
To: MH Michael Hammer (5304)
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should
strip DKIM signatures
On 4/28/2010 8:02
On 4/28/2010 8:31 AM, MH Michael Hammer (5304) wrote:
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP discardable policy AND the
signature cannot be maintained intact then the list should bounce the
message.
What is the
On 28/Apr/10 17:23, Dave CROCKER wrote:
On 4/28/2010 8:02 AM, MH Michael Hammer (5304) wrote:
1) [...] policy against posting to lists using the domain in question.
2) One possible recommendation to list managers is that if a message to
the list is DKIM signed AND has an ADSP discardable
Is it something that would make sense to add to the Development,
Deployment and Operations document?
Tony
On 4/26/2010 4:24 PM, J.D. Falk wrote:
On Apr 26, 2010, at 8:05 AM, MH Michael Hammer (5304) wrote:
Agreed. Absolutely.
Another real question, equally important: who is actually
Another real question, equally important: who is actually writing this BCP?
Is it something that would make sense to add to the Development,
Deployment and Operations document?
It would probably be better to keep it separate, since it's likely to
be more contentious than everything else in
On 04/27/2010 08:06 AM, John Levine wrote:
Another real question, equally important: who is actually writing this BCP?
Is it something that would make sense to add to the Development,
Deployment and Operations document?
It would probably be better to keep it separate, since it's likely to
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Michael Thomas
Sent: Tuesday, April 27, 2010 11:13 AM
To: John Levine
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should
damn MUAs for not being consistent for threading - see my other
message in the other thread as it is related to this one:
On Mon, Apr 26, 2010 at 1:36 PM, McDowell, Brett bmcdow...@paypal.com wrote:
On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote:
Something like: X sends to a list at Y
-Original Message-
From: Jeff Macdonald [mailto:macfisher...@gmail.com]
Sent: Tuesday, April 27, 2010 10:05 AM
To: McDowell, Brett
Cc: Murray S. Kucherawy; ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should strip DKIM signatures
- was Why mailing lists
should strip DKIM signatures
That's interesting. Let's make this concrete... I'll use myself as
an example.
X = me/PayPal.com
Y = this list/ietf-dkim@mipassoc.org
Z = Google's Gmail service [1]
It is my assumption that someone subscribed to this list has a
gmail.com
On 4/27/2010 10:40 AM, McDowell, Brett wrote:
That's how I see it. The key is that Y *validates* the DKIM signature and
processes the sender's ADSP
Where is this going to be supported? That is, how widespread does anyone
believe that support for this scenario will be? Why?
d/
--
On Apr 27, 2010, at 1:50 PM, Dave CROCKER wrote:
On 4/27/2010 10:40 AM, McDowell, Brett wrote:
That's how I see it. The key is that Y *validates* the DKIM signature and
processes the sender's ADSP
Where is this going to be supported? That is, how widespread does anyone
believe that
On 4/27/2010 11:08 AM, McDowell, Brett wrote:
On Apr 27, 2010, at 1:50 PM, Dave CROCKER wrote:
On 4/27/2010 10:40 AM, McDowell, Brett wrote:
That's how I see it. The key is that Y *validates* the DKIM signature
and processes the sender's ADSP
Where is this going to be supported? That is,
Who do you feel we need to hear from at this stage to gauge interest?
-- Brett
On Apr 27, 2010, at 2:32 PM, Dave CROCKER wrote:
On 4/27/2010 11:08 AM, McDowell, Brett wrote:
On Apr 27, 2010, at 1:50 PM, Dave CROCKER wrote:
On 4/27/2010 10:40 AM, McDowell, Brett wrote:
That's how I
On 4/27/2010 11:48 AM, McDowell, Brett wrote:
Who do you feel we need to hear from at this stage to gauge interest?
For any specification, it helps to hear from the folks who will write the
software and from the folks who will deploy and use it.
If we specify it, they will come is a very
On Apr 27, 2010, at 2:57 PM, Dave CROCKER wrote:
On 4/27/2010 11:48 AM, McDowell, Brett wrote:
Who do you feel we need to hear from at this stage to gauge interest?
For any specification, it helps to hear from the folks who will write the
software and from the folks who will deploy and
On 4/27/2010 12:04 PM, McDowell, Brett wrote:
On Apr 27, 2010, at 2:57 PM, Dave CROCKER wrote:
For any specification, it helps to hear from the folks who will write the
software and from the folks who will deploy and use it.
But I interpreted your earlier comment as indicating that Google
mailing lists
should strip DKIM signatures
That's interesting. Let's make this concrete... I'll use myself as
an example.
X = me/PayPal.com
Y = this list/ietf-dkim@mipassoc.org
Z = Google's Gmail service [1]
It is my assumption that someone subscribed to this list has
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Douglas Otis
Sent: Tuesday, April 27, 2010 12:18 PM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should strip DKIM signatures
So Murray... you mentioned you started talking to folks about this use case at
IETF 77. Were any of them MLM vendors or service providers?
Are there MLM vendors or service providers on this list who feel they know
enough about this use case at this point to have a firm position either for or
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of McDowell, Brett
Sent: Tuesday, April 27, 2010 12:29 PM
To: dcroc...@bbiw.net
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
it would help to hear from them, that they are interested in
implementing what we direct them to implement.
Hi. I'm one of the guys who maintains majordomo2. (Pay no attention
to anyone else who might have a similar name.)
I've adjusted it to sign outgoing mail with a d= that matches the
I think we are having the wrong discussion. The real question is:
What are appropriate practices for mailing lists in handling DKIM
signed mail?
By focusing on John and his single example we are looking at a tree and
not the forest. This may not be the best way to extrapolate recommended
best
MH Michael Hammer (5304) wrote:
I think we are having the wrong discussion. The real question is:
What are appropriate practices for mailing lists in handling DKIM
signed mail?
By focusing on John and his single example we are looking at a tree and
not the forest. This may not be the best
On Apr 23, 2010, at 12:56 PM, John Levine wrote:
John, can you simply clarify the rules/logic of your FBL with Yahoo!?
That will clarify this scenario considerably.
It's just like the IP based FBLs that other mail systems have, only
keyed on DK or DKIM d= signing domains rather than IP
-Original Message-
From: McDowell, Brett [mailto:bmcdow...@paypal.com]
Sent: Monday, April 26, 2010 10:37 AM
To: Murray S. Kucherawy
Cc: John Levine; ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should strip DKIM signatures
Murray
On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote:
Something like: X sends to a list at Y that then relays to Z; Z trusts Y to
implement DKIM and Authentication-Results and all that properly, so Z
believes Y when it says X had a signature on here that verified even if X's
signature on
On 4/26/10 10:36 AM, McDowell, Brett wrote:
On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote:
Something like: X sends to a list at Y that then relays to Z; Z trusts Y to
implement DKIM and Authentication-Results and all that properly, so Z
believes Y when it says X had a
On Apr 26, 2010, at 8:05 AM, MH Michael Hammer (5304) wrote:
I think we are having the wrong discussion. The real question is:
What are appropriate practices for mailing lists in handling DKIM
signed mail?
By focusing on John and his single example we are looking at a tree and
not the
Doctor, it hurts when I do this.
So don't do that.
X = me/PayPal.com
Y = this list/ietf-dkim@mipassoc.org
Z = Google's Gmail service [1]
I understand your point, but I think that it would be a better idea to
put Paypal's transactional mail and mail from its staff into different
domains with
60 matches
Mail list logo