On 2/4/25 2:43 PM, Wei Chuang wrote:
> So at least two items flow from this:
>
> 1. Any site that modifies the substance of a message(*) must add
>    its own signature and facilitate determining what the changes
>    are it made.
> 2. Any mechanism that does the desired reversals needs to work
>    across a series of changes, so that each change agent can be
>    identified and their changes attributed to them. Nested
>    accountability.
> 3. Recipients are still going to blame the original author for
>    the problematic content.
>
> I think 1) and 2) are exactly right and email receivers' spam filters
> can make use of that more precise attribution information. Each
> originator or forwarder has to own the entire message that leaves its
> system. Forwarders facilitate reversing their changes to recover any
> prior hop's message that can then be verified. To your point below,
> we might say that the receiver has some sort of history mechanism
> where that attribution is used. 3) is likely true. I've heard that
> there are ideas around UI proposals that might be able to distinguish
> the different contributions.
>
> -Wei

Wei -- I have much the same questions as Dave. The current situation is
that if a mailing list re-signs a message, it can take ownership of the
message and the receiver can take into account the mailing list's
reputation (if any) in addition to whatever spam filtering it does. If
it doesn't re-sign, it just looks like an ordinary unsigned message which
is treated as such.

Is the implication that, say, a re-signed message from a mailing list
might end up either rejected or in a spam folder where it otherwise
wouldn't be if the original signature survived? How common is that?
Mailing lists are fairly much on the margins of volume as far as I've
ever heard. I think that IETF magnifies their importance since
everything depends on them, but in the wider world they are not as important
as they used to be. FWIW, I don't think I've ever seen any of the
mailing lists I've been on end up in my spam folder, but that's just
anecdotal.

It's really hard to judge how important this really is from the outside,
and what is motivating this piece of work, especially when people are
calling for a complete revamp of DKIM.

Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org