Re: We need an architecture, not finger pointing.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In message <alpine.OSX.2.11.1510271801250.34501@xxxxxxx>, "John R Levine" write
s:
> > Actually we need to validate two assertions:
> >
> > * That the mail came from the stated author, e.g. PHB.
> > * That the mail was relayed by the IETF mailing list.
> 
> Well, yes, but those are easy.  What's hard is demonstrating that the 
> message that the list relayed is the same in a semantic sense as the 
> message that Phill sent, even though it has the kind of changes that lists 
> make, a tag in the subject line, a footer at the bottom, and attachments 
> stripped.

Perhaps we should not be stripping attachments but encapsulating
the whole message with enough DKIM signed meta data to enable DKIM
processing to work a the far end after DKIM verifying the mailing
list input first.  This gives you a trust chain. 

Add in List-Label: <string> header to allow the MUA to insert it
into the displayed Subject: and a footer after the encapsulated
message.  The latter should work immediately.

If list policy is not to have attachements then reject the
submission rather than strip the attachements.

If list policy is no text/html then reject messages with text/html.

Mark

> See the last decade or so on the DKIM and now DMARC mailing lists for 
> endless not very productive discussions about ways to describe permitted 
> changes without also allowing vast amounts of spam and phishing, leavened 
> by blithe assertions that mailing lists have been doing the wrong thing 
> for 40 years and should never make any changes to messages at all.
> 
> Regards,
> John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]