Dave Crocker writes:
The practical problem with From: field munging by MLMs that are
otherwise trying to relay a largely-unmodified messages, is that they
effective destroy author information, by putting in a different email
address.
This is helpful for identifying the three key stakeholder needs:
1) MLM's such as IETF want to alter the author's submission.
2) Authors like Hector want their submission left unmodified
3) Users like Dave want accurate author information in the MUA.
There is no legal corollary for "largely-unmodified". If I use whiteout on a signed document, spill an ink bottle on hallf of the signature, or replace the special lawyer-only staples with standard staples, the document ceases to be trusted and is probably unenforcable.
The nature of the changes made by the IETF mailing list renders the reverse transformation impossible, so there is no way to validate the transformed document against the original unless the original is obtained, yet the purpose of the transformatiin is to hide the original. A real solution has to eliminate this operation. Hector is right.
MLMs could compare a submission against their screening criteria and reject submissions rather than transforming them. IETF wants text-only subnissions. Why not simply require text-only? Because we have a MUA problem: Some MUAs, including the one I am using, do not provide an option for sending text on ly. Fix tbe submitter MUA and you eliminate the need for MLM reauthoring.
The recipient need is ironic. We have established that the MUA's handling of From is unimportant as it has no effect on user behavior, and Dave has been forceful on this point. But now Dave and others argue that From rewrite is a problem because it reduces the usability of the MUA. The two positions need to be reconciled.
However, the upshot of this issue is that From rewrite creates a MUA problem and it can be solved with MUA changes. I have previously reported that my 3 MUAs present the IETF header information in 3 different ways. This is ripe for standadization, and the header rewrite objection can be addressed during that process.
So we have two MUA problems. Fixing the latter one provides a quick fix while header rewrite continues. Fixing the former one and changing MLM behavior will take a little longer, but provides a high-integrity end result over time.
IETF also applies Subject tagging, which breaks DKIM signatures. There are altetnatives for this as well, largely involving MUA tweaks.
DF
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
