1. Alice works for Alice-Corp who publish a policy to the effect
that they and only they sign all their outbound mail.
2. Alice posts a message to Foo-list which signs the message
itself and drops Alice's signature.
3. Bob receives the message from the Foo-list, signed by the list.
4. Bob looks up Alice-Corp's ssp assertion and considers the
message as having a bad signature.
5. In order to alleviate this problem Alice-Corp are forced
to weaken their policy to allow 3rd party signatures to be
accepted by Bob.

I don't consider this a problem per se. In this case, Alice-Corp has made a
conscious decision to refrain from the maximum possible protection in order
to allow Alice access to a mailing list. So a decision was made at
Alice-Corp that granting access to the list for Alice is more important than
an Exclusive policy. This was their decision to make and DKIM is flexible
enough to allow for it.

Other companies may decide that it's unwise to completely relax policy on a
domain-wide scale simply to allow mailing list use. For those, putting list
participants on a separate sub-domain could solve the problem.
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org
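
The trade-off discussed in the message above, modelled as a small Python sketch (an added example, not part of the original thread). The policy names, the exact-match policy lookup with no inheritance from the parent domain, and the `.example` domains are assumptions made for illustration; this is not SSP record syntax.

```python
# Added illustration, not from the original thread: a simplified model of
# Bob's check. Policy names and the exact-match lookup are assumptions.
from dataclasses import dataclass

EXCLUSIVE = "exclusive"      # only the author domain's own signature counts
THIRD_PARTY = "third-party"  # a valid signature from another domain is accepted


@dataclass(frozen=True)
class Signature:
    domain: str  # signing domain, as carried in the signature's d= tag
    valid: bool  # outcome of cryptographic verification


def author_domain(from_addr: str) -> str:
    return from_addr.rsplit("@", 1)[1].lower()


def evaluate(from_addr: str, signatures: list, policies: dict) -> str:
    """Return 'pass', 'fail' or 'neutral' for one received message."""
    domain = author_domain(from_addr)
    valid_signers = {s.domain.lower() for s in signatures if s.valid}
    if domain in valid_signers:
        return "pass"                  # first-party signature survived
    policy = policies.get(domain)      # assumed: no inheritance from parent
    if policy is None:
        return "neutral"               # nothing published to enforce
    if policy == THIRD_PARTY and valid_signers:
        return "pass"
    return "fail"


# Constructed sample: Foo-list re-signed the post and dropped Alice's signature.
LIST_SIGNED = [Signature("foo-list.example", True)]


def scenarios() -> dict:
    strict = {"alice-corp.example": EXCLUSIVE}
    relaxed = {"alice-corp.example": THIRD_PARTY}
    split = {"alice-corp.example": EXCLUSIVE,
             "lists.alice-corp.example": THIRD_PARTY}
    return {
        "exclusive": evaluate("alice@alice-corp.example", LIST_SIGNED, strict),
        "relaxed": evaluate("alice@alice-corp.example", LIST_SIGNED, relaxed),
        "sub-domain": evaluate("alice@lists.alice-corp.example", LIST_SIGNED, split),
        "main domain under split": evaluate("alice@alice-corp.example", LIST_SIGNED, split),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

With the split policy, list traffic from the sub-domain is accepted while mail claiming the main domain with only a third-party signature is still rejected.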