[Top] [All Lists]

Re: [ietf-822] [dmarc-ietf] Request for feedback: draft-ser-authentication-results-openpgp

2020-10-19 20:24:37
[ Replies sent to ietf-822 since this is unrelated to DMARC ]

In article 
 you write:
I've submitted a draft for a new Authentication-Results method a while
back [1]. I'd like to get some feedback.

My use-case is: on a mailing list system [2], I'd like to display PGP
signature status, if a PGP signature is present. ...


Does this sounds like something worth doing?

Maybe, but probably not.

DKIM is intended as a signature for messages in transit, applied as a
message leaves its sending system and verified as it arrives at the
recipient system. The sorts of changs made by list managers often
break DKIM signatures, causing all sorts of excitement when DMARC
is involved.

PGP signatures (and S/MIME signatures) are normally applied and
verified by the end-user mail programs. They're in the message body
and the changes that list managers typically make, tagging the
signature or adding body headers or footers, are unlikely to break a
PGP signature.

Or to put it another way, if your A-R header said the PGP signature on
the message contents was good, but the end user found it was bad, that
would suggest something was screwed up, not normal mailing list


PS: It's not unreasonble for a list manager to use a PGP signature to
verify that it should forward a message, but there's not much use to
adding a header saying it did so.

ietf-822 mailing list

<Prev in Thread] Current Thread [Next in Thread>