Dave CROCKER wrote:
On 8/24/2010 11:59 AM, MH Michael Hammer (5304) wrote:
Then it would appear that we are substantially in violent agreement.
in spite of our best efforts.
may I suggest we stop here for a moment and get back to the original
question, which in essence was: should a 1st signer DKIM signature be
preserved 'coûte que coûte' when a message is handled by a MLM, or not.
To answer this question I'd like to quote the excellent summary of what
DKIM is about, posted earlier today by Wietse:
The DKIM signature
provides a simple piece of trace information ("I handled this mail")
that is cryptographically bound to some header and body content.
The receiver can use this trace information for any purpose that
she deems suitable.
I think most of us can agree with this summary of what DKIM really is,
without all the bells and whistles we often like to attribute to it.
Next we add a quote from Dave about what the MLM does:
An MLM creates the message. That the message might look a lot like
one sent /to/ it is nice, but it's also confusing. The original author is
ultimately, responsible for what the MLM chooses to send
Again, most of us will agree with this, I assume. Now combining the two,
and _without focussing on any hypothetical action of a verifier or
recipient_, the conclusion must be that the MLM adds its own
DKIM-signature, leaving the original DKIM-signature(s) untouched. After
all, removing the original DKIM signature would mean removing a piece of
trace information provided by the originating domain. And once it's
gone, it's gone. Leaving the original DKIM signature untouched is in
line with chapter 4 of RFC4871 including par. 4.2 that states:
Signers SHOULD NOT remove any DKIM-Signature header fields from
messages they are signing, even if they know that the signatures
cannot be verified.
I haven't found any text in the erratum of 4871 / 5672 that obsoletes
this text. This means we can treat (regarding this particular aspect)
MLMs like any other re-signing agent, no exceptions are required.
And yes, this means my opinion changed, I no longer advocate the use of
multipart/alternative to preserve the 1st signer DKIM signature, instead
it is my opinion now that an MLM should leave it untouched (and not
remove it). I have come to this conclusion by looking at what DKIM is,
and carefully avoiding looking at what a verifier or recipient might
possibly do with the information it provides. We should not change the
essentials of DKIM for sake of MLM transparancy; the best we can do is
document the status quo of the combination of DKIM and MLMs, its
problems and (within the boundaries of the DKIM spec) any hints that can
solve or mitigate those problems.
NOTE WELL: This list operates according to