Re: [Ietf-dkim] Adding an aim= tag to DKIM Signature Tag Specifications

Alessandro Vesely <vesely@tana.it> Tue, 12 May 2020 18:14 UTC

Return-Path: <vesely@tana.it>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 206FF3A08B8 for <ietf-dkim@ietfa.amsl.com>; Tue, 12 May 2020 11:14:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iyElOo2wKY-0 for <ietf-dkim@ietfa.amsl.com>; Tue, 12 May 2020 11:14:15 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 909C13A08B6 for <ietf-dkim@ietf.org>; Tue, 12 May 2020 11:14:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1589307251; bh=baKraSsp/OPOOelsyVVXpjCdzBmTNjZIH3krvRwki0c=; l=1892; h=To:Cc:References:From:Date:In-Reply-To; b=BOKLLEA/Wkj6zS0/Jq/6V81DbZrMMITkScf2DymtToK2lwI6cToN3PV0sOZf17FAx 7dXjIn+MB5BRIUtsEUetBswzVAFxPBCZk+aXao3xkjzH2b6/rIwqYlfVpCuJiDqi86 KU2js70iEyJ8Bi6pXfNgZp5fHRrdUKoBh4wYbffjPLZoi48zoUsY61tQYEqjg
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.2, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC02A.000000005EBAE773.0000378A; Tue, 12 May 2020 20:14:11 +0200
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: ietf-dkim@ietf.org
References: <80533fb3-75a2-1d60-801d-c54d735d4094@tana.it> <7ac84ebf-e30b-6288-81c2-4a6631471d74@dcrocker.net> <5d9709d4-fd1e-9275-6a36-dfc6e7fca97b@bluepopcorn.net> <486245c5-d261-c6df-560b-f022c1ebabd5@dcrocker.net> <551162f8-6c95-071c-3b2e-6a265b1c9783@tana.it> <CAL0qLwYDxA7uyLp6h19P5iSVH0eVen0aEGKRic9BrV=C7gC68Q@mail.gmail.com> <c975c01e-c3a5-a0d6-dba6-f4a1c245ab56@tana.it> <CAL0qLwYY4PCFwe8=WTBMJLU3=OBnRfB4TUpRma_WXppnueBQKA@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <386556c3-74ac-4535-2607-23180e1d9d32@tana.it>
Date: Tue, 12 May 2020 20:14:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
In-Reply-To: <CAL0qLwYY4PCFwe8=WTBMJLU3=OBnRfB4TUpRma_WXppnueBQKA@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/KcRYoLge2phAZxtGhOcaUE8HTGA>
Subject: Re: [Ietf-dkim] Adding an aim= tag to DKIM Signature Tag Specifications
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 18:14:17 -0000

On Tue 12/May/2020 19:09:55 +0200 Murray S. Kucherawy wrote:
> On Tue, May 12, 2020 at 9:30 AM Alessandro Vesely <vesely@tana.it> wrote:
>> On Tue 12/May/2020 17:48:38 +0200 Murray S. Kucherawy wrote:
>>> On Tue, May 12, 2020 at 1:20 AM Alessandro Vesely <vesely@tana.it> wrote:
>>>> On Mon 11/May/2020 20:23:12 +0200 Murray S. Kucherawy wrote:
>>>>> Indeed; why would I believe what any given domain claims in this tag?
>>>>
>>>> If you trust the domain, you can as well trust their tagging.
>>>>
>>>
>>> If you trust the domain, you don't need their tagging.
>>
>> Why not?  I may trust gmail, say.  Yet, in order to learn what
>> restrictions they apply to the From: I have to create an account and try.
>> There is no standard location where they declare their policy in a
>> machine-readable manner, and policies written in legalese are even less
>> readable...>>
> 
> What would you do with that information if you had it?


I think I'd copy it to comments in the corresponding A-R header field.  That
would make A-R stanzas more eloquent.


> Maybe you're using a different definition of "trust" than I am.  To me, "I
> trust gmail.com" means "I believe mail signed by gmail.com is legitimate",
> irrespective of how they might handle their mail.
> 
> Put another way: I believe I would only reach the opinion that I "trust"
> mail from a domain when I already know the thing(s) your tag(s) would tell
> me.


"Trust" and "legitimacy" are abstract terms deeply rooted in human senses, i.e.
hardly machine readable.  For a more pragmatic definition of trust, "I trust
gmail.com" would mean "I believe that header fields written by gmail.com are
true to life (up to transient bugs)".  In that sense, if they stated that the
From: corresponds to the login Id, I'd believe it.

Hey, what if gmail used different selectors for newcomers?


Best
Ale
--