[ Replies sent to ietf-822 since this is unrelated to DMARC ]
I've submitted a draft for a new Authentication-Results method a while
back . I'd like to get some feedback.
My use-case is: on a mailing list system , I'd like to display PGP
signature status, if a PGP signature is present. ...
Does this sounds like something worth doing?
Maybe, but probably not.
DKIM is intended as a signature for messages in transit, applied as a
message leaves its sending system and verified as it arrives at the
recipient system. The sorts of changs made by list managers often
break DKIM signatures, causing all sorts of excitement when DMARC
PGP signatures (and S/MIME signatures) are normally applied and
verified by the end-user mail programs. They're in the message body
and the changes that list managers typically make, tagging the
signature or adding body headers or footers, are unlikely to break a
Or to put it another way, if your A-R header said the PGP signature on
the message contents was good, but the end user found it was bad, that
would suggest something was screwed up, not normal mailing list
PS: It's not unreasonble for a list manager to use a PGP signature to
verify that it should forward a message, but there's not much use to
adding a header saying it did so.
ietf-822 mailing list