On 5/17/2010 10:08 PM, John Levine wrote:
The signature means that this message really truly
came from the mailing list
Actually, DKIM makes no statement about authorship or even actors in the
handling sequence. It merely says that that verified domain is willing to take
"some" responsibility for the message.
The more we slip into loose references to authorship or operational origins,
more we wind up having to dig ourselves out of semantic mismatches later.
If there is a desire and need to have the semantic be "came from the mailing
list" then there needs to be a mailing list equivalent to ADSP, which
a DKIM signature with the domain in a List-ID header field.
NOTE WELL: This list operates according to