Jim Fenton wrote:
Thanks for the summary, Stephen.
Stephen Farrell wrote:
- There are arguments that supporting both original and
mail-list signatures would be useful, but there are
also difficulties with this in particular adding the
mail-list signature will often break the original
signature. (If the mail-list signature only covers
the content and certain headers like List-Id then
this might work better).
>
I didn't find the original mention of this, but I'm not clear on why
adding a mail-list signature would break the original. It's just an
additional header field, and unless the original signature was
constructed to prevent that (by including DKIM-Signature in the h=
headers) there shouldn't be a problem. What might break the original
signatures is the modifications to the message that necessitated the
mail-list signature.
You're right. Better if I'd said "The mailing list may change
fields of the message before signing, thus breaking the
original signature."
- Some particular headers may cause difficulty when a
mailing list is re-signing an originally signed message (e.g.
"Reply-To", "Subject").
[http://mipassoc.org/pipermail/ietf-dkim/2006q1/001821.html]
I didn't get quite this meaning from Frank's message. I don't know what
the difficulty is; the list just has to make any modifications it's
going to make before it re-signs. Like Frank, I would prefer if lists
didn't do a lot of things they currently do to messages. Nevertheless,
I realize that some lists are advertising-supported, so it's a behavior
we're going to have to deal with.
Agreed. Better if I'd said: "Changes to some particular headers
(e.g. "Subject", "Reply-To") and/or the body may cause difficulty
when a mailing list is re-signing an originally signed message."
Which is almost the same as the above I guess and probably not
worth saying twice:-)
Cheers,
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org