On 7/20/2014 10:03 AM, Brian E Carpenter wrote:
> On 21/07/2014 01:26, Michael Richardson wrote:
>> Regardless of how/if/why/when we process DMARC as a specification, we need to
>> decide how ietf.org MTA is going to deal with things.
>>
>> 1) someone has to fund changes to mailman, and perform testing, installation,
>> and community education for the IETF mailing lists. That implies that
>> we have to decide *for ourselves* where and how we will "break" the
>> DMARC/DKIM connection, and if we will reject email from p=reject senders
>> before we attempt to relay.
>
> I thought the preferred solution was to rewrite the From for those users only.

-1.

It's not the preferred solution. Not one iota. Please don't endorse
this radical "email game changing" behavior. Since you are among the
"top IETF key cogs," if it's preferred among the IETF key cogs, as you
are making it sound, then this is not good at all. It would be a
serious "game changer." It goes to show how much the IETF really
cares about the concerns for the wider and entire mail networking
community which is obviously becoming less and less. It will set a
terrible precedent and obvious security loophole if you crack open
this door. The "From" could never be trusted again and the new
algorithms necessary to separate and categorize the good from the
bad will be overwhelming and complex at all levels.

Plus, if you ask and explore the risk and liability issues with your
chief counsel, you could be playing with fire here. I wouldn't do it.
Bad idea.

I don't recommend any change to the ietf.org list mail process
regarding DMARC until there is a 3rd party authorization framework in
place. The lack of one currently should not suggest that breaking security
as the "path of least resistance" should be endorsed by the IETF.

--
HLS