Re: openssh-unix-dev DMARC-related settings (was Re: scattered thoughts on connection sharing)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Ángel wrote in
 <14341e304e23ff2bb276f727991228740c8bb470.camel@xxxxxxxxxx>:
 |On 2024-07-20 at 16:30 -0400, James Ralston wrote:
 |> The real issue here is that the Mailman configuration for the
 |> openssh-unix-dev list does not appear to set
 |> `dmarc_moderation_action`
 |> (in `Privacy options` - `Sender filters`) to either `Munge From` or
 |> `Wrap Message`, which is necessary for lists where ...
 |
 |"Necessary" if the client machines re going to penalize DMARC that way.
 |
 |If the clients recognised that the user is subscribed to that mailing
 |list and thus wouldn't penalise it as a forged mail, we wouldn't need
 |to change the mails to show a fake sender on From:

i will never understand how the IETF can map that "one hop
reputation" of for example DKIM .. to quote myself

  (ie "Organizational Trust" of RFC 5863) to entire message chains
  "over the corner" aka "many hops" (like ARC etc).

But yes, if MUAs would give the user an option to wave through
a chain of emails where each hop verifies and signs DKIM, and
where DKIM would notify "i changed the message, it is useless to
try to verify elder signatures", this would be fine.

But it will likely nonetheless require From: changes (and if only
for the others).
The IETF has a nice approach with tables where you get the real
name with <address@xxxxxxxxxx...> in From:.  But that is
complicated to do.
(But *IF* ie GMail would allow this we could get rid of DMARC and
ARC altogether etc, at least.  That would be a good thing imho.)

P.S.: that terribly to use port-knocker i posted had some bugs
i have fixed in a 0.8.1; if you knock hard enough, it will do it
for you.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux