Jim Fenton wrote:
> ------------------- 1/0/0
> -The list server adds a signature.
> -does not remove the existing signature,
> -does not modify the message
[...]
> If I want to treat certain messages preferentially, perhaps
> because they come from the ietf-dkim mailing list, I'd like
> to make that decision based on a signature.

I think we're in trouble if the list signs something that is
already signed. If you get a valid signature and the List-Id,
why do you want a second signature from the list in addition
to (or instead of) the "original" signature?

> Active participants in a list are likely to treat the list
> preferentially, and it's very easy to see who they are. So
> an attacker might try to spoof the list to get someone to
> read a message.

Yes, he'd get a throw-away domain, a PASS bound to it, and
add the List-Id to get around your guards. OTOH he's an
unknown stranger from your POV, you wouldn't white list him.
So this trick won't work, let alone more than once for the
same throw-away domain. But if this is somebody you know as
an active participant you can white list him, and after that it
works for private mails from this participant as well as for
mails you get via the mailing list, and for courtesy copies.

Bye, Frank
_______________________________________________
ietf-dkim mailing list
http://dkim.org
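
Not part of the original message: an added Python example of the policy argued in the reply above, where preferential treatment is keyed on the verified DKIM signing domain and the List-Id header is never consulted. It assumes a border MTA that records DKIM results in Authentication-Results; the authserv-id, domains and sample messages are all constructed.

```python
import re
from email import message_from_string

# Assumptions (not from the thread): our own border MTA verifies DKIM and
# records the outcome in Authentication-Results under this authserv-id.
TRUSTED_AUTHSERV = "mx.example.net"
# Signing domains the reader has chosen to whitelist (constructed value).
ALLOWLIST = {"known-participant.example"}

# Capture header.d only from a dkim=pass result, never across a ';' boundary.
_DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)


def passing_domains(msg):
    """Return signing domains with dkim=pass as reported by our verifier."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by someone else, possibly the sender: ignore
        domains.update(d.lower() for d in _DKIM_PASS.findall(results))
    return domains


def treat_preferentially(raw_message):
    """Whitelist on the verified signer; List-Id is deliberately not read."""
    msg = message_from_string(raw_message)
    return bool(passing_domains(msg) & ALLOWLIST)


def sample(auth_results, list_id=None):
    """Build a constructed test message."""
    lines = [f"Authentication-Results: {auth_results}"]
    if list_id:
        lines.append(f"List-Id: {list_id}")
    lines += ["Subject: test", "", "body"]
    return "\n".join(lines)


LIST_ID = "<ietf-dkim.list.example>"
SPOOFED_LIST = sample("mx.example.net; dkim=pass header.d=throwaway.example", LIST_ID)
VIA_LIST = sample("mx.example.net; dkim=pass header.d=known-participant.example", LIST_ID)
PRIVATE = sample("mx.example.net; dkim=pass header.d=known-participant.example")
FORGED_AR = sample("mx.attacker.example; dkim=pass header.d=known-participant.example")

if __name__ == "__main__":
    for name in ("SPOOFED_LIST", "VIA_LIST", "PRIVATE", "FORGED_AR"):
        print(name, treat_preferentially(globals()[name]))
```

The list-relayed case only passes because the list left the message unmodified, as in the scenario quoted at the top, so the participant's original signature still verifies.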