Jeremy Harris wrote in <efc96450-aa58-434e-ae94-3bf2fc09e...@wizmail.org>: |On 30/01/2025 21:19, Michael Thomas wrote: |>> I’m a little unclear on the need to fully describe the “mutation\ |>> ” that might be applied by an intermediary. Even if fully descri\ |>> bed, you need to have some trust of the intermediary to accept t\ |>> he mutation, because otherwise you don’t know that the mutation \ |>> doesn’t contain harmful/unwanted content (barring some magic AI \ |>> thing perhaps). |> Yeah, that's what I'm trying to understand. If you can recover the \ |> original signature, you could conceivably run spam filters separately \ |> on the different parts using the reputation (if any) of the different \ |> parts, I suppose. But how big of a deal is that in the real world? | |One useful thing from being able to recover the message as it arrived |at a mailing-list manager: An MUA displaying the message could |display the original From: header - undoing some of the damage that |(IMHO) dkim/dmarc has perpetrated in forcing MLMs to rewrite From:
It is better than that, actually!! A user interface could allow users to configure rather *exactly* what email path/hop is allowed to modify which parts of an email! Ie, one could "click together" things like "may modify subject", "may add footer", and any other modification would again require active user interaction --- aka "turn red" the traffic light that tries to protect users from malicious things. This could/should work per "DKIM signature hop" even, no matter which path "is further away", if only some real life would be breathed into i= (or a better mechanism that does not use a "@" byte which blows atext parsers if unquoted, it really should not have been unquoted..). Or some new mechanism that gives the real address used by the hop would be included in the DKIM-Signature, so that users could defines an exact "this address -> this action" ruleset. This is not included in DKIMACDC from my point of view. (In general DKIMACDC is a draft, i am not omnipotent or something.) This, to some extend, mirrors a nice feature of the Opera browser from times before they gave up the fight. If i recall correctly (i pretty surely do) one could click on certain <img> tags etc in a web page, and the browser would remember that these parts of the page are undesired, and would neither load nor (not even thus) display them! Ie, in that spirit. It of course requires a rather sophisticated parser and user interface to get that right, and a little bit of storage to store the according information. |I want this because, as a reader of MLs - I want to know who wrote |the message, and to not have to waste brain cycles on guessing an |un-munge. | |So the charter should permit the WG to work on the "mutations" thing. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | |In Fall and Winter, feel "The Dropbear Bard"s pint(er). | |The banded bear |without a care, |Banged on himself for e'er and e'er | |Farewell, dear collar bear _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
