ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: DKIM and mailing lists

2006-01-19 09:57:58
John Levine wrote:

I feel like I'm in the twilight zone here.  E-mail mailing lists have
been around for over 30 years, and have been mutating and remailing
messages just as long.

Does anyone really think that DKIM can set rules about the way that
existing mailing lists can run, and get any response other than
derisive laughter?

The problem is that mailing list are not described by any RFC. That's one of the reasons why so many mailing list manager exists and your are right, many mailing list software will not deal DKIM-Signature according to DKIM RFC specification.

Is this a good reason why some hack are added in DKIM ? The lengh spec in DKIM-Signature seems intended for old dirty mailing list software to be able to add some message trailer without alteration of the signature. We known that it will be source of problems (it make the replay attack more sensible) but in any way such mailing list software will probably brake the signature for many other reasons (change in headers for example). Such arrangment will make life harder for thoses who wants full compatibility with DKIM, why not remove this facility ?

Sympa (and probably a few other mailing list managerd) is allready ready for S/MIME signature (it test if the message is signed, and don't modify the message body by any way) . It can be adapted for DKIM doing all what is required (for exemple testing if the subject is signed before adding [LISTNAME] tag in it etc.
I think it is reasonnable to specify what mailing list MUST do.

Serge Aumont
_______________________________________________
ietf-dkim mailing list
http://dkim.org