Re: [ietf-dkim] A more fundamental SSP axiom

["Hector Santos" <hsantos@santronics.com>]

From: "Mark Delany"


> And are we talking about Mailing Lists today, or Mailing Lists in five
> years time after DKIM slowly ramps up? A Mailing List of the future
> mail well be verifying incoming mail and make decisions about
> re-broadcasting based on "I sign all"?

Very good point.

For me, it is almost a no-brainer of what we will need to add our mailing
list server on the onset.  To reduce all kinds of issues from support,
survivability questions, including reduce liability,  these two features
will help:

1)  Check for restrictive policies during subscription process, accept
     only non-DKIM domains or those that might allow 3rd party signing
     depending if the MLS signing option is enabled.

2)  Offer new options to avoid mail integrity changes (adding Header and
     Footers) based on DKIM messages.

The last one is very tough because most people are going to want to add
footers, so that pretty much dictates one or more two things:

    - The domain allows 3rd party signing, and/or even possibly
    - The domain allows stripping of the original.

Stripping I believe violates DKIM-BASE so that's something that should be
reconsidered.   Stripping fits well with a policy such as:

       OP=optional;3P=optional;    Both Party may sign

But if the MLS is intent in signing the mail, it will be difficult for MLS
to support:

        OP=NEVER; 3P=NEVER;    No signing expected
        OP=ALWAYS; 3P=NEVER;   1st party only always signs mail
        OP=OPTIONAL; 3P=NEVER;  1st party may sign mail

So the domain itself has to be aware of what it doing with its DKIM mail.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html