Hector Santos wrote:
As an author of a list server, I prefer to STRIP the
signature when allowed to avoid tampering with the many
options already offered to the list owner.
If you tamper with the message that's your best choice. But
ordinary lists don't tamper with messages, they redistribute
them as is, adding their List header fields, and using their
own Return-Path for automatical handling of errors.
Sympa also adds an Errors-To reflecting the Return-Path, and
that's the main case where DKIM must work transparently, for
unmodified redistributed mails.
Strip old signature or similar recipes are hardcore gateways
stuff, not be part of normal DKIM procedures. Gateway operators
are supposed to know what they do.
o=? WEAK (signature optional, no third party)
Oops, there it is, when I checked the SSP draft some hours ago
I missed this. What does WEAK mean for an _unsigned_ mail at
a third party willing to sign it ? I hope it means nothing in
this case and affects only signed mails.
WEAK, strip, do not sign
Stripping a valid signature makes no sense for redistributors.
That's only necessary if the original mail is mutilated beyond
recognition, the forged / broken / inconvenient (pick what you
like) cases.
DKIM can't do much about these cases, recommend to exclude the
subjects from the signed header fields maybe. If the bad guys
try to abuse this by squeezing their spam into the subject let
them, it won't work as expected.
What about the WEAK (o=?) policy?
Yes, no part of the actual SSP draft. Not yet or not more ?
I don't see how it could work for unsigned mails. Should third
parties willing to sign mails always check the SSP ? In that
case I'd say a simple implementation of third party signatures
is DON'T. Fast, robust, and no chance to get in trouble. Bye
_______________________________________________
ietf-dkim mailing list
http://dkim.org