Re: MLM subaddress requirement

Chris Newman <Chris.Newman@innosoft.com> Tue, 05 August 1997 17:39 UTC

Date: Tue, 05 Aug 1997 10:20:58 -0700
From: Chris Newman <Chris.Newman@innosoft.com>
Subject: Re: MLM subaddress requirement
In-reply-to: <199708051642.MAA15290@black-ice.cc.vt.edu>
To: Valdis.Kletnieks@vt.edu
Cc: ietf-822@imc.org
Message-id: <Pine.SOL.3.95.970805095709.18393D-100000@eleanor.innosoft.com>

On Tue, 5 Aug 1997 Valdis.Kletnieks@vt.edu wrote:
> > (3) Ignoring subaddresses for the purpose of permitting postings.
> 
> This doesn't work.  Remember - the MLM *CAN NOT TELL* whether a piece
> of mail from 'a+b@somedom.com' is from a subaddress-aware site or if
> it's just from a site that has some OTHER meaning for '+'.  As such,
> if you "ignore", and the list is closed, you just allowed 'a+c@somedom.com'
> to improperly post/subscribe/etc to the list.

What is the purpose of restricting postings based on the envelope address?
It's obviously *not* a security issue as anyone can generate email from
any address trivially (own a copy of Netscape?).  I claim the primary
purpose is to reduce spam.  Permitting postings from user if user+foo is
subscribed has no impact on this primary purpose.

In the case of a signature verifying list, there has to be some way to
register a PGP key to use with the list.  The way to meet the
interoperability requirement is simply to allow the address in the
registered PGP key (used for posting & control) to be different from the
subscription address.  This is not particularly cumbersome or painful
given the key has to be registered anyway.

> Yes.  If the remote system is unable to tell if an optional feature is in
> use, it *MUST* assume that the feature is *NOT* present.  Blindly saying
> "This is SO $%(*^$% neat that I'll assume the world does it TOO" is just
> a good way to screw the users to the wall.

What negative impact does the loosened form of the requirement have?

I've actually been thinking about a feature negotiation for email
mechanism (e.g. a simple way to say "don't send me s/mime gunk or 
text/html but I like UTF-8"), but such a mechanism needs to be used
sparingly and I just don't think subaddresses merit this level of
complexity.

The fact is, subaddresses _mostly_ work today.  I had to switch a compile
time option to allow editing of the from address in my MUA.  Every final
delivery agent I've used supports them.  And only one mailing list I'm on
currently (IETF-TLS) doesn't meet this revised MLM requirement from what I
can tell.

		- Chris
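
Added example, not part of the original message or of any MLM's code: a sketch of the posting check the thread debates, comparing envelope senders to subscribers with and without subaddresses ignored. The function names, the '+' separator and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

SEP = "+"  # assumed subaddress separator, as in the thread's 'a+b@somedom.com'


def split_address(addr):
    """Return (local, domain) for an address; raise ValueError if malformed."""
    _, mailbox = parseaddr(addr)
    local, at, domain = mailbox.rpartition("@")
    if not (local and at and domain):
        raise ValueError(f"not a mailbox: {addr!r}")
    return local, domain.lower()  # only the domain is case-insensitive


def exact_address(addr):
    """Strict key: the full local part is significant."""
    return "@".join(split_address(addr))


def base_address(addr):
    """Loose key: drop the subaddress, 'a+b@somedom.com' -> 'a@somedom.com'."""
    local, domain = split_address(addr)
    base = local.split(SEP, 1)[0] or local  # keep a local part that begins with SEP
    return f"{base}@{domain}"


def may_post(envelope_from, subscribers, ignore_subaddress=True):
    """Closed-list posting filter. The envelope sender is unverified input in
    both modes, so this reduces spam; it does not authenticate the poster."""
    key = base_address if ignore_subaddress else exact_address
    try:
        sender = key(envelope_from)
    except ValueError:
        return False  # null or malformed sender never matches a subscriber
    return sender in {key(s) for s in subscribers}


if __name__ == "__main__":
    subs = ["a+b@somedom.com"]  # constructed subscriber list
    for frm in ("a@somedom.com", "a+c@somedom.com", "z@somedom.com", "<>"):
        print(f"{frm:18} loose={may_post(frm, subs)} "
              f"strict={may_post(frm, subs, ignore_subaddress=False)}")
```

The loose mode accepts 'a+c' when 'a+b' is subscribed, which is the case the quoted objection raises; the strict mode rejects it along with the bare 'a' address.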