Re: [ietf-dkim] A more fundamental SSP axiom
"Hector Santos" <hsantos@santronics.com> Sat, 05 August 2006 01:48 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G9BH6-0002zu-4x for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 21:48:24 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G9AnF-00088y-6O for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 21:17:33 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1G9AcN-0005Qy-Ba for ietf-dkim-archive@lists.ietf.org; Fri, 04 Aug 2006 21:06:23 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k7514YRc017832; Fri, 4 Aug 2006 18:04:34 -0700
Received: from winserver.com (secure.winserver.com [208.247.131.9]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k7514Rpq017818 for <ietf-dkim@mipassoc.org>; Fri, 4 Aug 2006 18:04:27 -0700
Received: by winserver.com (Wildcat! SMTP Router v6.1.451.8) for ietf-dkim@mipassoc.org; Fri, 04 Aug 2006 21:06:29 -0400
Received: from hdev1 ([72.144.136.116]) by winserver.com (Wildcat! SMTP v6.1.451.8) with ESMTP id 1493773016; Fri, 04 Aug 2006 21:06:28 -0400
Message-ID: <026901c6b82a$e410eed0$0201a8c0@hdev1>
From: Hector Santos <hsantos@santronics.com>
To: Michael Thomas <mike@mtcc.com>, arvel.hathcock@altn.com
References: <MDAEMON-F200608041905.AA0542108md50000023415@altn.com> <44D3E5C9.5050408@mtcc.com>
Subject: Re: [ietf-dkim] A more fundamental SSP axiom
Date: Fri, 04 Aug 2006 21:02:52 -0400
Organization: Santronics Software, Inc.
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Songbird: Clean, Clean
Cc: ietf-dkim@mipassoc.org
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: -1.3 (-)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
----- Original Message ----- From: "Michael Thomas" <mike@mtcc.com> To: <arvel.hathcock@altn.com> > So if I set a policy of "I sign all", and a mailing list mangles it, > what exactly is the mailing list receiving the bounce going to > do? Blackhole it? Bounce the user off the list? Anything useful > whatsoever? We develop an MLS so I can provide my our integration design considerations done. It depends first if the MLS is DKIM compliant. If not, normal MLS processing is done, which may of course promotes the #1 DKIM concern - breaking the integrity of the message. For the DKIM compliant MLS, then in order to "better" support DKIM, some major consideration has to be done. Some considerations were written in DSAP: 3.3. Mailing List Servers Mailing List Servers (MLS) applications who are compliant with DKIM and DSAP operations, SHOULD adhere to the following guidelines: Subscription Controls MLS subscription processes should perform a DSAP check to determine if a subscribing email domain DSAP policy is restrictive in regards to mail integrity changes or 3rd party signatures. The MLS SHOULD only allow original domain policies who allow 3rd party signatures. Message Content Integrity Change List Servers which will alter the message content SHOULD only do so for original domains with optional DKIM signing practices and it should remove the original signature if present. If the List Server is not going to alter the message, it SHOULD NOT remove the signature, if present. In short, there were three design questions here: - Will a domain who wants to sign all mail even want to send his mail into a mailing list that is not DKIM complaint? You are assuming this is desirable. - Will then DKIM compliant MLS even want to accept the responsibilty for handling the incoming domain mail with restrictive policies? The MLS will only want to do 3rd party signing, so it would only be ideally work with policies that allow 3rd party signing. - and will then DKIM compliant MLS even to allow the subscription from email domains restrictive policies? To mininize failure, a pre-emptive approach is a great feature for the MLS DKIM implementator. I see this an feature for the software. So the docs should only provide hindsight. If you believe MLS should be able to sign all mail itself without restriction, then without a doubt this will help mold (cut down) the available policies for DKIM. This is what you want, I believe. But again, this assumes that domains will even want to send these types of high-value domain mail to a mailing list, and without a 3rd party signing restriction, you open the door for abuse because you will never know for sure if it really come from a MLS or some other middle-man exploitation. You lose confidence in the DKIM signing practice. -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- Re: [ietf-dkim] A more fundamental SSP axiom Paul Hoffman
- [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom wayne
- Re: [ietf-dkim] A more fundamental SSP axiom Scott Kitterman
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- RE: [ietf-dkim] A more fundamental SSP axiom Arvel Hathcock
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- RE: [ietf-dkim] A more fundamental SSP axiom Bill.Oxley
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- RE: [ietf-dkim] A more fundamental SSP axiom Arvel Hathcock
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- RE: [ietf-dkim] A more fundamental SSP axiom Arvel Hathcock
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Arvel Hathcock
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- RE: [ietf-dkim] A more fundamental SSP axiom Paul Hoffman
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- RE: [ietf-dkim] A more fundamental SSP axiom Bill.Oxley
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Stephen Farrell
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Steve Atkins
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Steve Atkins
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom John Levine
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- [ietf-dkim] SSP thought experiment John L
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] SSP thought experiment Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- RE: [ietf-dkim] SSP thought experiment Bill.Oxley
- RE: [ietf-dkim] SSP thought experiment John L
- RE: [ietf-dkim] A more fundamental SSP axiom Hallam-Baker, Phillip
- RE: [ietf-dkim] A more fundamental SSP axiom John L
- RE: [ietf-dkim] A more fundamental SSP axiom Hallam-Baker, Phillip
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom wayne
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom william(at)elan.net
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- RE: [ietf-dkim] A more fundamental SSP axiom Bill.Oxley
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom John L
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom Mark Delany
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- RE: [ietf-dkim] A more fundamental SSP axiom Arvel Hathcock
- RE: [ietf-dkim] A more fundamental SSP axiom Arvel Hathcock
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom william(at)elan.net
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- Re: [ietf-dkim] A more fundamental SSP axiom Mark Delany
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Damon
- RE: [ietf-dkim] A more fundamental SSP axiom Bill.Oxley
- Re: [ietf-dkim] A more fundamental SSP axiom Mark Delany
- Re: [ietf-dkim] A more fundamental SSP axiom Michael Thomas
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom John Levine
- RE: [ietf-dkim] SSP requirements Bill.Oxley
- [ietf-dkim] punting into near-term standardization Dave Crocker
- Re: [ietf-dkim] A more fundamental SSP axiom Mark Delany
- RE: [ietf-dkim] A more fundamental SSP axiom Bill.Oxley
- Re: [ietf-dkim] SSP requirements Mark Delany
- RE: [ietf-dkim] SSP requirements John L
- RE: [ietf-dkim] SSP requirements Bill.Oxley
- Re: [ietf-dkim] SSP requirements John Levine
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] punting into near-term standardiz… Arvel Hathcock
- Re: [ietf-dkim] A more fundamental SSP axiom Hector Santos
- Re: [ietf-dkim] SSP requirements Michael Thomas
- Re: [ietf-dkim] SSP requirements Hector Santos
- Re: [ietf-dkim] SSP requirements John L
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] A more fundamental SSP axiom Douglas Otis
- Re: [ietf-dkim] SSP requirements Hector Santos
- Re: [ietf-dkim] SSP requirements Douglas Otis
- Re: [ietf-dkim] SSP requirements william(at)elan.net
- Re: [ietf-dkim] SSP requirements Michael Thomas
- [ietf-dkim] The problem with sender policy John L
- [ietf-dkim] DKIM Client Policy Requirement Douglas Otis
- RE: [ietf-dkim] The problem with sender policy Bill.Oxley
- RE: [ietf-dkim] The problem with sender policy John L
- Re: [ietf-dkim] SSP requirements Mark Delany
- RE: [ietf-dkim] The problem with sender policy william(at)elan.net
- Re: [ietf-dkim] SSP requirements Douglas Otis
- Re: [ietf-dkim] SSP requirements Hector Santos
- Re: [ietf-dkim] SSP requirements Dave Crocker
- Re: [ietf-dkim] punting into near-term standardiz… Hector Santos
- Re: [ietf-dkim] punting into near-term standardiz… Douglas Otis
- Re: [ietf-dkim] SSP requirements Stephen Farrell
- Re: [ietf-dkim] SSP requirements Stephen Farrell
- Re: [ietf-dkim] SSP requirements Hector Santos
- Re: [ietf-dkim] SSP requirements Hector Santos
- Re: [ietf-dkim] A more fundamental SSP axiom Scott Kitterman
- Re: [ietf-dkim] The problem with sender policy Arvel Hathcock
- Re: [ietf-dkim] SSP requirements Damon
- Re: [ietf-dkim] The problem with sender policy Damon
- Re: [ietf-dkim] SSP requirements Damon
- Re: [ietf-dkim] SSP requirements Damon
- Re: [ietf-dkim] SSP requirements Hector Santos
- Re: [ietf-dkim] The problem with sender policy Jeff Macdonald
- RE: [ietf-dkim] The problem with sender policy Bill.Oxley
- Re: [ietf-dkim] The problem with sender policy Dave Crocker
- Re: [ietf-dkim] The problem with sender policy Jeff Macdonald
- Re: [ietf-dkim] SSP requirements Douglas Otis
- Re: [ietf-dkim] SSP requirements Stephen Farrell
- Re: [ietf-dkim] A more fundamental SSP axiom Graham Murray