Aumont - Comite Reseaux des Universites wrote:
The problem is that mailing list are not described by any RFC. That's
one of the reasons why so many mailing list manager exists and your
are right, many mailing list software will not deal DKIM-Signature
according to DKIM RFC specification.
As someone pointed out earlier, there are two kinds of mailing lists:
those that modify the message and those that don't. By "modify" here I
mean any changes to the body and to any of the signed headers. Adding
additional headers isn't considered a "modification" in this context
(unless the signature is constructed to prevent the header from being
added).
Here's how I think it should work:
Lists that don't modify the message MAY re-sign it. They SHOULD NOT
remove the original signature, because its validity has not been
affected and it provides useful information. Verifiers MAY consider the
original signature or the list signature (subject to Sender Signing
Practices) in deciding what to do with the message.
Lists that do modify the message SHOULD re-sign it. They MAY remove the
original signature, because it is probably invalid anyway. Verifiers
MAY consider the list signature in the handling of the message.
I believe that signatures from lists (and other third-parties) will be
more dependent on reputation and accreditation (and local white lists
and black lists). This is because third-party signatures allow messages
to be signed by anyone, not just the originator's domain, so it's more
important to have some information indicating that the third party is
reliable. Domains that host many reliable lists, like ietf.org, imc.org,
mipassoc.org, yahoogroups.com, etc. as well as those that operate other
third-party signing applications (evite.com, nytimes.com, ...) will
generally be whitelisted. But it will be very easy for attackers to
apply third-party signatures from throwaway domains so domains with
little reputation will have difficulty getting their third party
signatures accepted. This isn't a characteristic of DKIM, but is a
characteristic of how I expect it will be used in a few years.
Lists MAY decide to sign a header indicating whether the message they
received was signed. I'm not entirely sure how that would be used,
however. As is currently the case, lists can use whatever criteria they
want to decide whether to propagate an incoming message: whether the
From address corresponds to an address on the list, for example.
Likewise, I can imagine that some lists might eventually require DKIM
signatures in order to propagate messages (or bypass moderation); it's
entirely up to them. I have a little trouble imagining that they might
sign some messages and not others: why would they propagate a message at
all when they don't have enough confidence to sign it?
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org