Warren Togami Jr. [ARCHIVE] on Nostr: 📅 Original date posted:2015-06-19 📝 Original message:On Fri, Jun 19, 2015 at ...
📅 Original date posted:2015-06-19
📝 Original message:On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike at plan99.net> wrote:
> The new list currently has footers removed during testing. I am not
>> pleased with the need to remove the subject tag and footer to be more
>> compatible with DKIM users.
>>
>
> Lists can do what are effectively MITM attacks on people's messages in any
> way they like, if they resign for the messages themselves. That seems fair
> to me! :)
>
Mailman isn't resigning it. Should it be? Does other mailing list
software?
>
>
>> I'm guessing DKIM enforcement is not very common because of issues like
>> this?
>>
>
> DKIM is used by most mail on the internet. DMARC rules that publish in DNS
> statements like "All mail from bitpay.com is signed correctly so trash
> any that isn't" are used on some of the worlds most heavily phished domains
> like google.com, PayPal, eBay, and indeed BitPay.
>
> These rules are understood and enforced by all major webmail providers
> including Gmail. It's actually only rusty geek infrastructure that has
> problems with this, I've never heard of DKIM/DMARC users having issues
> outside of dealing with mailman. The vast majority of email users who never
> post to technical mailing lists benefit from it significantly.
>
> Really everyone should use them. Adding cryptographic integrity to email
> is hardly a crazy idea :)
>
I understand the reason to protect the "heavily phished" domains. I heard
that LKML does not modify the subject or add a footer, perhaps because it
would make it incompatible with DKIM of the several big corporate domains
who participate.
I suppose it is somewhat acceptable for us to remove subject tags and
footers if we have no choice...
Warren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150619/bce0b675/attachment.html>
📝 Original message:On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike at plan99.net> wrote:
> The new list currently has footers removed during testing. I am not
>> pleased with the need to remove the subject tag and footer to be more
>> compatible with DKIM users.
>>
>
> Lists can do what are effectively MITM attacks on people's messages in any
> way they like, if they resign for the messages themselves. That seems fair
> to me! :)
>
Mailman isn't resigning it. Should it be? Does other mailing list
software?
>
>
>> I'm guessing DKIM enforcement is not very common because of issues like
>> this?
>>
>
> DKIM is used by most mail on the internet. DMARC rules that publish in DNS
> statements like "All mail from bitpay.com is signed correctly so trash
> any that isn't" are used on some of the worlds most heavily phished domains
> like google.com, PayPal, eBay, and indeed BitPay.
>
> These rules are understood and enforced by all major webmail providers
> including Gmail. It's actually only rusty geek infrastructure that has
> problems with this, I've never heard of DKIM/DMARC users having issues
> outside of dealing with mailman. The vast majority of email users who never
> post to technical mailing lists benefit from it significantly.
>
> Really everyone should use them. Adding cryptographic integrity to email
> is hardly a crazy idea :)
>
I understand the reason to protect the "heavily phished" domains. I heard
that LKML does not modify the subject or add a footer, perhaps because it
would make it incompatible with DKIM of the several big corporate domains
who participate.
I suppose it is somewhat acceptable for us to remove subject tags and
footers if we have no choice...
Warren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150619/bce0b675/attachment.html>