Wietse Venema wrote:
Jim Fenton:
Thanks for the summary, Stephen.
Stephen Farrell wrote:
- There are arguments that supporting both original and
mail-list signatures would be useful, but there are
also difficulties with this in particular adding the
mail-list signature will often break the original
signature. (If the mail-list signature only covers
the content and certain headers like List-Id then
this might work better).
I didn't find the original mention of this, but I'm not clear on why
adding a mail-list signature would break the original. It's just an
additional header field, and unless the original signature was
constructed to prevent that (by including DKIM-Signature in the h=
headers) there shouldn't be a problem. What might break the original
signatures is the modifications to the message that necessitated the
mail-list signature.
When the list server's DKIM signature covers a FROM: header with
an address in some unrelated domain, would not this be considered
a third-party signature? This would be avoided by having the list
sign only the headers that identify the list.
When a recipient looks at a message, they see (typically) the From:
address. If there is a signature corresponding to this address, the
message has an Originating Address signature. If there isn't, but there
is some other valid signature on the message, it has a third-party
signature. It's the correspondence (or lack thereof) between the
signature address and the origin address that the user typically sees
that determines whether it's a third-party signature.
Signing the From: header is currently required, but suppose it weren't:
It would still be significant whether or not the signature represented
the From address, and that would determine whether it was a third-party
signature or not.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org