ietf-dkim

Re: [ietf-dkim] Re: dkim service

2005-10-13 13:01:25
3. If it decides that it should pass, the mailing list should LEAVE the
existing signature (that part is not universally agreed on, of course,

Since the signature won't verify any more, I don't see the point.
There have been some proposals to standardize a header that a verifier
could add to say that it found a good signature, and the outgoing
signer could sign that,

And possibly the signature header as well, assuming it was retained.

but I'm not sure that's any more useful in
practice.  How much list mail do you get where there's a question
about whether the nominal sender really sent a message?  Again, in my
experience it's rare enough that we are reduced to citing individual
spoofed messages.

Even supposing the information is theoretically useful in a non-negligible
number of cases, how would you propose to communicate these semantics to a
novice user? The semantics of a single DKIM assertion are already pretty tricky
- as evidenced by the debate we've been having. I see little hope of making
this case clear enough to be useful in practice.

The mailing list may, of course, choose to re-sign the message even if
it does not mangle it, which is all the more reason to leave the
original (still-valid) signature there.

If the list happens to do little enough to the messages that the
signature still passes, that's fine.  I just want to make sure that
surviving lists is a non-goal, because it's a hopeless swamp.

And getting deeper all the time.

                                Ned
_______________________________________________
ietf-dkim mailing list
http://dkim.org