On 04/Apr/11 18:03, John Levine wrote:
Signers SHOULD NOT remove any DKIM-Signature header fields from
messages they are signing, even if they know that the signatures
cannot be verified. Instead, when a relay alters a message such
that any valid signature gets broken, it SHOULD re-identify the
message by synthesizing a new Message-ID for it, according to
Section 3.6.4 of RFC 5322.
Would that help deterring on-the-fly auto-conversions?
No, and it would be a bad idea, anyway. I often get two copies of a
message, one sent directly to me, one relayed through a mailing list
that changed it enough to break the signature. By any normal
standard, they're the same message, and it's useful to be able to tell
that from the common Message-ID.
You often said you don't sort list messages by author...
I heard the opposite complaint, about gmail automatically keeping a
single copy of list messages based on Message-ID. That poster said:
So, the user doesn't know whether moderator disapproved or edited
the message. Some moderators put replies to members' questions in
edits, so Gmail users don't see such replies to their questions.
Apparently, not all lists were made equal.
[I]f people were sufficiently aware of DKIM to do what you suggest,
they're aware enough to add a new signature which is the right
thing to do.
Agreed, and I also agree that mailing lists are a minor concern in the
current landscape. The MLM document could explicitly dispense mailing
lists from obeying the "SHOULD" quoted above, under suitable
conditions --they already remove signatures.
It is hard to accept that signatures may break even when the message
is not actually changed.
NOTE WELL: This list operates according to