I think that the realistic goal here is that it should be possible for a list
to be configured to allow a message to survive.
I would expect the few lists where authenticity is a big deal (e.g. full
disclosure) to do this.
It would also be useful to give some guidelines to mailing lists that are going
to mangle messages of ways in which they can do this without causing grief.
The key point about a mailing list is that the user subscribes to it. So an
email client that is aware of what it is doing can in theory make the right
choice here.
Example
Alice
signs message
sends to the Mangle Mailing List
Mangle:
converts the HTML message into plaintext
[optional removes Alice's signature]
adds the RFC ???? Mailing list headers
adds a DKIM signature
Carol, Doug, etc mail servers:
looks at the last signature to be applied first, sees that it verifies
notes that the signature includes the mailing list headers
notes that Carol Doug etc have subscribed to this list
concludes that the message is likely authentic despite being out of
compliance with SSP
Compared to what is being done today this is a cakewalk. This is a completely
objective process with no need for AI complete processing.
If Alice was doing Secure Letterhead then her logotype icon should NOT be
displayed in this case (signature invalid)
But a logotype icon for the list could be displayed.
________________________________
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org on behalf of John Levine
Sent: Thu 13/10/2005 2:58 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Cc: leiba(_at_)watson(_dot_)ibm(_dot_)com
Subject: Re: [ietf-dkim] Re: dkim service
3. If it decides that it should pass, the mailing list should LEAVE the
existing signature (that part is not universally agreed on, of course,
Since the signature won't verify any more, I don't see the point.
There have been some proposals to standardize a header that a verifier
could add to say that it found a good signature, and the outgoing
signer could sign that, but I'm not sure that's any more useful in
practice. How much list mail do you get where there's a question
about whether the nominal sender really sent a message? Again, in my
experience it's rare enough that we are reduced to citing individual
spoofed messages.
The mailing list may, of course, choose to re-sign the message even if
it does not mangle it, which is all the more reason to leave the
original (still-valid) signature there.
If the list happens to do little enough to the messages that the
signature still passes, that's fine. I just want to make sure that
surviving lists is a non-goal, because it's a hopeless swamp.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org
_______________________________________________
ietf-dkim mailing list
http://dkim.org