Re: [ietf-822] WSJ/gmail/ML, was a permission to...

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 04 May 2014 00:35 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C9951A013D for <ietf-822@ietfa.amsl.com>; Sat, 3 May 2014 17:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.342
X-Spam-Level:
X-Spam-Status: No, score=-1.342 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_16=0.6, J_CHICKENPOX_41=0.6, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9FteOKYvDpYy for <ietf-822@ietfa.amsl.com>; Sat, 3 May 2014 17:35:30 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.252.184]) by ietfa.amsl.com (Postfix) with ESMTP id 6797B1A013A for <ietf-822@ietf.org>; Sat, 3 May 2014 17:35:30 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id F1B6120028; Sat, 3 May 2014 20:36:45 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 41F9C63ABD; Sat, 3 May 2014 20:35:23 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 2E4FB63AB6; Sat, 3 May 2014 20:35:23 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hector Santos <hsantos@isdg.net>
In-Reply-To: <53655C13.9070201@isdg.net>
References: <20140418123721.3610.qmail@joyce.lan> <5365357D.2020101@tana.it> <53653C7A.3090304@pscs.co.uk> <53655C13.9070201@isdg.net>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Sat, 03 May 2014 20:35:23 -0400
Message-ID: <6116.1399163723@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/Vw47iMNcN2YGgj-jtbia1fMSly8
Cc: ietf-822@ietf.org, Paul Smith <paul@pscs.co.uk>
Subject: Re: [ietf-822] WSJ/gmail/ML, was a permission to...
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 00:35:32 -0000

Hector Santos <hsantos@isdg.net> wrote:
    > For larger scale, using Murray's ATPS (RFC 6541) extension, the DMARC
    > record is:

    >    v=dmarc1 p=reject atps=y ......

    > The atps=y tag says to check for "_atps." zone record for the signing
    > domain, ietf.org, authorization.  You can create and see this record at
    > the wizard http://www.winserver.com/public/wcadsp


    >   _adsp._domainkey TXT ("dkim=all; atps=y; asl=ietf.org;")
    > PQ6XADOZSI47RLUIQ5YOHG2HY3MVJYOO._atps TXT ("v=atps01; d=ietf.org;")

    > I think this is a very simple and elegant solution. Doug has TPA with
    > similar zone records tags and labels to lookup.  It's all basically the

So, how in the world does this scale to having thousands of "trusted" mailing
lists?  Seriously.

I guess I'll have to read the draft to understand what the second record is.
It seems that it ought to be something like:
   ietf.org._adsp._domainkey TXT ...

    > If the IETF had supported ADSP/ATPS back in DKIM-WG, this would have been
    > a done deal long ago.  Yahoo's DMARC record would have been:

    >      v=dmarc1 p=reject atps=y

    > and there would be 30,000 ATPS records for all the purported lists that
    > Yahoo says their users are members of.

okay, but how would they have fit into that _adsp record?

    > The IETF SHOULD endorse 3rd party Authorization ideas so we can begin
    > to finally solve this problem.

    > I'm done.

I sure support the concept, but it seems to me that we need to do this
differently.

I was thinking that a (list) machine, receiving a signed message with
p=reject, would respond with some new 3xx code that would say, "great, I'd
love to help you, but you didn't delegate to me....", and then include
some transactional part that would help the right authorization occur.
Perhaps going back to the *user* to confirm.

After all, just because mcr@yahoo.com is a subscriber to ietf.org lists,
doesn't mean that frank@yahoo.com wants his email redistributed by ietf.org.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
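The exchange above turns on what the second record in Hector's example actually is and how an author domain would publish thousands of them. The following is an added, offline illustration of the RFC 6541 (ATPS) mechanism, written for this page and not code from either correspondent or from any ATPS implementation: the left-most label of the `<label>._atps.<author-domain>` name is the base32-encoded hash of the signing domain (the `d=` of the list's DKIM signature), the hash algorithm comes from the signature's `atpsh=` tag (`sha1`, `sha256`, or `none`, in which case the domain itself is the label), and the record body is `v=ATPS1; d=<signing domain>`. The message's `v=atps01` is draft-era syntax; this code follows the published RFC. Lowercasing the domain before hashing is this example's own assumption, as are the domains `example.com` and `lists.example.net`, which are constructed. The in-memory `zone` dict stands in for DNS TXT lookups.

```python
"""RFC 6541 ATPS: author-domain record generation and verifier-side check, offline.

Added example for this page; not code from the correspondents or any MTA.
"""
import base64
import hashlib

# Hash algorithms RFC 6541 permits in the DKIM signature's "atpsh=" tag.
# "none" means the signing domain is used as the DNS label unhashed.
_HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def _canon(domain: str) -> str:
    # Assumption of this example: DNS names are case-insensitive, so hash the
    # lowercase, non-FQDN-dotted form so both sides derive the same label.
    return domain.lower().rstrip(".")


def atps_label(signing_domain: str, algorithm: str = "sha1") -> str:
    """Left-most label of <label>._atps.<author-domain>.

    SHA-1 digests (20 bytes) base32-encode to exactly 32 characters with no
    padding; SHA-256 digests (32 bytes) give 52 characters once '=' is stripped.
    """
    domain = _canon(signing_domain)
    if algorithm == "none":
        return domain
    if algorithm not in _HASHES:
        raise ValueError(f"unsupported atpsh algorithm: {algorithm}")
    digest = _HASHES[algorithm](domain.encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=")


def atps_record_name(author_domain: str, signing_domain: str,
                     algorithm: str = "sha1") -> str:
    """Full owner name the verifier queries for TXT."""
    return f"{atps_label(signing_domain, algorithm)}._atps.{_canon(author_domain)}"


def publish_atps(author_domain: str, signing_domains, algorithm: str = "sha1") -> dict:
    """Author-domain side: one TXT record per third-party signer it authorizes.

    Returns {owner_name: [txt, ...]}; 30,000 trusted lists means 30,000 entries,
    each a fixed-length label under _atps, not one ever-growing ADSP/DMARC record.
    """
    zone: dict = {}
    for sd in signing_domains:
        name = atps_record_name(author_domain, sd, algorithm)
        zone.setdefault(name, []).append(f"v=ATPS1; d={_canon(sd)}")
    return zone


def _parse_tags(txt: str) -> dict:
    """Split a 'k=v; k=v' TXT body into a lowercase-keyed dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def is_authorized(zone: dict, author_domain: str, signing_domain: str,
                  algorithm: str = "sha1") -> bool:
    """Verifier side: does <author-domain> authorize <signing-domain> via ATPS?

    The author domain comes from the signature's atps= tag, the signing domain
    from its d= tag. A record counts only if v=ATPS1 and its d= names the same
    signer; the hashed label alone is not proof, since anyone can compute it.
    """
    name = atps_record_name(author_domain, signing_domain, algorithm)
    for txt in zone.get(name, []):
        tags = _parse_tags(txt)
        if tags.get("v", "").upper() != "ATPS1":
            continue
        if _canon(tags.get("d", "")) == _canon(signing_domain):
            return True
    return False


if __name__ == "__main__":
    # Constructed scenario: example.com lets ietf.org and lists.example.net
    # re-sign its users' mail; lists hosted at evil.example are not authorized.
    zone = publish_atps("example.com", ["ietf.org", "lists.example.net"])
    for owner, records in sorted(zone.items()):
        print(f"{owner} TXT {records}")
    print("ietf.org authorized:", is_authorized(zone, "example.com", "ietf.org"))
    print("evil.example authorized:", is_authorized(zone, "example.com", "evil.example"))
```

Two practical points the exchange raises fall out of the code: the hashed label exists to give a fixed-length, DNS-safe name, not to hide the signer (the `d=` tag repeats it in cleartext), and the verifier can only find the record if the list's DKIM signature carries the `atps=` author domain and an `atpsh=` algorithm that the author domain actually published under, so a signer using `sha256` finds nothing in a zone built with `sha1`.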