This is very interesting. For our antispam system I'd like to be able
to distinguish between mailing list traffic and person to person
traffic, since they largely have very different characteristics. In
this sense, to me, 'do the right thing' would be to re-sign the
message -- we've been able to use Yahoo! Groups (re)signing as a
feature. I'm sure that others could easily argue that doing the right
thing is to leave the message in a way that encourages the final
receiving system to check the initial signature, so they could apply
rules based on the original author.

Hmmm.

Sounds like good reasons for two, different styles of signature use.

Sounds like a good reason to permit both and let operators and users, in the
wild, play with them and find out what scenarios are the most helpful.

Therefore it seems that,

a) we should not specify DKIM in a way that makes either scenario
automatically break -- where "automatically" means that a user of DKIM might, on
their own, do something to break one or another scenario -- and

b) we should not recommend or require either scenario, although
non-normative discussion could provide helpful pedagogy, to show DKIM's possible
flexibility.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org