ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: dkim service

2005-10-16 22:19:35
Earl Hood wrote:

On October 13, 2005 at 16:20, Jim Fenton wrote:

This relates to one of the motivations for multiple signatures. If you have a non-mangling mailing list, you might want to preserve the original signature, because it's still valid and some people might want to base a decision on that. They (or others) might want to know for sure that it came from the list, because they want to make sure that they read all messages on the list. A WG chair might have that concern, for example.

And here is where roles can play an important role, especially wrt SSP.
The mailing list signature could not be applied, or be valid, if the
SSP (as currently defined) disallows 3rd-party signatures (and it
has been argued that no entity should allow 3rd-party sigs due to
spoofing concerns).

However, if the list sig had a role specification, SSP constraints
would not be a factor since the list is not claiming any relationship
with to the OA.
That would be fine if the recipient had a way of seeing the role -- or the claimed role since there is no way of proving it -- associated with the signature. But most message recipients (Outlook users being a notable exception) only see the From address. Your messages to the list (that aren't individually addressed to me) still look to like they come from "Earl Hood <earl(_at_)earlhood(_dot_)com>" despite the fact that I get them from the list. The list doesn't have to claim any relationship with the OA; my MUA (and many others!) do it for them.

-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org