A) the mailing list server adds a signature i= (signer) and "From:" are
different. The signature may be invalid if the sender SSP does not allow
third party signature.
That's a good argument why the Lists's signature should not cover
the FROM: etc. headers with the poster's address, but be limited
to the message headers that identify the List itself.
Seems to me that it tells us that list software shouldn't forward
messages from domains that use SSP to say no third party signatures.
There are all sorts of techniques that people use to validate mail
sent to mailing lists, from passwords in the message to challenges
back to the sender to manual moderators who know the writing styles of
their contributors. If the sender's been validated, why shouldn't the
list software sign the while message?
Thinking about the situations where domains would be likely to use SSP
to say no third-party signatures, it's hard to imagine one where they'd
want their mail to be forwarded through a mailing list. If mail through
a list fails with that SSP setting, it's probably a feature.
This scenario also may be a hint that the current model of SSP won't
be very useful, but I don't think we'll know until we try it.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org