-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of t.petch
Sent: Saturday, July 30, 2011 3:26 AM
To: Barry Leiba
Cc: ietf
Subject: Re: DKIM Signatures now being applied to IETF Email
Sadly, I do not see it being used in the mailing lists where an
organisation is sending me directly data I would like to be able to rely on
- which I think fits the applicability well - and instead, I see it
being used on a mailing list such as those in the IETF where I
believe that the costs outweigh the benefits - and I have no choice
about that:-(.
There has been some post-DKIM talk recently about the idea of "transient
trust", wherein (to use this example) ietf.org would verify the signature on an
arriving list submission, attach an RFC5451 header field that indicates the
results of that verification, then send the message out to the list with that
added field and a new ietf.org signature that "covered" it. Then, if you
decide to believe ietf.org's claims about the original signature, you know more
than you would otherwise.
This hasn't been widely deployed yet, but some big email providers are
currently playing with the idea.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf