IETF Logo Mail Archive

Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]

William Leibzon <william@completewhois.com> Thu, 20 May 2004 04:12 UTC

Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11324 for <asrg-archive@odin.ietf.org>; Thu, 20 May 2004 00:12:36 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQetU-00080j-U8 for asrg-archive@odin.ietf.org; Thu, 20 May 2004 00:10:57 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4K4Aud9030788 for asrg-archive@odin.ietf.org; Thu, 20 May 2004 00:10:56 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQekH-0005Yf-EC for asrg-web-archive@optimus.ietf.org; Thu, 20 May 2004 00:01:25 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA10878 for <asrg-web-archive@ietf.org>; Thu, 20 May 2004 00:01:22 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQekF-0000wx-4W for asrg-web-archive@ietf.org; Thu, 20 May 2004 00:01:23 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQejT-0000o5-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 00:00:36 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQeiQ-0000ek-00 for asrg-web-archive@ietf.org; Wed, 19 May 2004 23:59:30 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQed8-0003w5-69; Wed, 19 May 2004 23:54:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQeOz-0000k8-53 for asrg@optimus.ietf.org; Wed, 19 May 2004 23:39:25 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA10285 for <asrg@ietf.org>; Wed, 19 May 2004 23:39:22 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQeOx-0005mU-3P for asrg@ietf.org; Wed, 19 May 2004 23:39:23 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQeNz-0005eX-00 for asrg@ietf.org; Wed, 19 May 2004 23:38:24 -0400
Received: from cwhois1.completewhois.com ([216.151.192.222] helo=mail.completewhois.com) by ietf-mx with esmtp (Exim 4.12) id 1BQeNd-0005VQ-00 for asrg@ietf.org; Wed, 19 May 2004 23:38:02 -0400
Received: by mail.completewhois.com (Postfix, from userid 500) id 6CA0418A1C; Wed, 19 May 2004 20:44:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.completewhois.com (Postfix) with ESMTP id 65BED4C06B for <asrg@ietf.org>; Wed, 19 May 2004 20:44:38 -0700 (PDT)
From: William Leibzon <william@completewhois.com>
To: asrg@ietf.org
Subject: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
In-Reply-To: <20040519230529.23514.qmail@xuxa.iecc.com>
Message-ID: <Pine.LNX.4.44.0405191929140.3770-100000@cwhois1.completewhois.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Wed, 19 May 2004 20:44:38 -0700
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60

On 19 May 2004, John Levine wrote:

> >Big problem I have with it is that yahoo domain keys breaks with email 
> >forwarders, mail lists and roaming users (and they fully acknoledge that
> >it does not work with them and say there is no good work-around). That 
> >makes it no-go as far as I concerned for initial deployment unless 
> >changes are made. 
> 
> Are you sure you read the same DK document as the rest of us?
http://antispam.yahoo.com/domainkeys/draft-delany-domainkeys-base-00.txt

> Forwarding works fine if it doesn't mess with the message other than
> prepending headers.
That is simplest forwarder and yes, it does work there. 
Many forwarders do lot more then that unfortunetly, reseting Sender, 
adding some "X-..." headers, etc.

Note also that I usually the word "forwarder" to mean just any mail relaying
server, including mail list server.

> Roaming users work fine if they sign in the MUA.
Yes, if roaming user has private key. But since multiple private keys are 
allowed, I'll accept that roaming user problem is not an issue with this
proposal.

> Mailing lists are an issue but there are some ideas to deal with that.
To me its the biggest issue of all. Mail lists are EXTREMELY popular and
almost all mail list sofware modifies headers (sometimes changes "From" 
and "To" and supposed to reset Sender and add List- headers). As such 
deployment would mean that those using domain keys would not be able to 
use mail lists until their software is somewhow modified to deal with 
domain keys (which might take quite some time).

On Wed, 19 May 2004, Mark Baugher wrote:

> You're assuming that there's no way to fix the break.

Actually no, I'm not. But knowing what domain keys would be about before 
time and as such that these problems would exist, I was just hoping to see 
specs that have dealt with these issues better. Perhaps I was too hopefull
and a bit unhappy that I had to read 30 pages and main details could fit
in 2 and did not solve some important problems and that yet again proposal 
reused TXT record instead of propoing exact details on new dns record to 
store public keys (which would be really really usefull).

Going back to maillist problem and similar, in my opinion, the way solve 
these problems (when modification of email headers by intermediate MTA
would cause domain-keys verification to fail) is to have multiple 
signatures for different parts of the email, with first one being 
signature for content of the email (or even for each MIME part) and then
separate signature(s) for email headers with signature line that also 
includes info on exactly which headers it is for, then when new headers 
are added, they can be ignored when trying to verify this hash/signature.

---
William Leibzon


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email