John Levine wrote:
I feel like I'm in the twilight zone here. E-mail mailing lists have
been around for over 30 years, and have been mutating and remailing
messages just as long.
Does anyone really think that DKIM can set rules about the way that
existing mailing lists can run, and get any response other than
derisive laughter?
The problem is that mailing list are not described by any RFC. That's
one of the reasons why so many mailing list manager exists and your are
right, many mailing list software will not deal DKIM-Signature according
to DKIM RFC specification.
Is this a good reason why some hack are added in DKIM ? The lengh spec
in DKIM-Signature seems intended for old dirty mailing list software to
be able to add some message trailer without alteration of the signature.
We known that it will be source of problems (it make the replay attack
more sensible) but in any way such mailing list software will probably
brake the signature for many other reasons (change in headers for example).
Such arrangment will make life harder for thoses who wants full
compatibility with DKIM, why not remove this facility ?
Sympa (and probably a few other mailing list managerd) is allready ready
for S/MIME signature (it test if the message is signed, and don't
modify the message body by any way) . It can be adapted for DKIM doing
all what is required (for exemple testing if the subject is signed
before adding [LISTNAME] tag in it etc.
I think it is reasonnable to specify what mailing list MUST do.
Serge Aumont
_______________________________________________
ietf-dkim mailing list
http://dkim.org