3. If it decides that it should pass, the mailing list should LEAVE the
existing signature (that part is not universally agreed on, of course,
Since the signature won't verify any more, I don't see the point.
There have been some proposals to standardize a header that a verifier
could add to say that it found a good signature, and the outgoing
signer could sign that, but I'm not sure that's any more useful in
practice. How much list mail do you get where there's a question
about whether the nominal sender really sent a message? Again, in my
experience it's rare enough that we are reduced to citing individual
spoofed messages.
The mailing list may, of course, choose to re-sign the message even if
it does not mangle it, which is all the more reason to leave the
original (still-valid) signature there.
If the list happens to do little enough to the messages that the
signature still passes, that's fine. I just want to make sure that
surviving lists is a non-goal, because it's a hopeless swamp.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org