Dave Crocker wrote:
This is very interesting. For our antispam system I'd like to be able
to distinguish between mailing list traffic and person to person
traffic, since they largely have very different characteristics. In
this sense, to me, 'do the right thing' would be to re-sign the
message -- we've been able to use Yahoo! Groups (re)signing as a
feature. I'm sure that others could easily argue that doing the right
thing is to leave the message in a way that encourage the final
receiving system to check the initial signature, so they could apply
rules based on the original author.
Hmmm.
Indeed.
Sounds like good reasons for two, different styles of signature use.
Ok, just for the moment, let's assume that we did that.
I guess the obvious next question then would be: why only two? That
is, are there other use cases which are sufficiently different that
some level of extensibility is needed?
This could represent a potential slippery slope, but if we added
some kind of signature typing, with each type having associated
rules, we could define two types now, (perhaps originating MTA
and list server) and then someone else could define others later
on.
But is there a need for that?
Sounds like a good reason to permit both and let operators and users, in
the wild, play with them and find out what scenarios are the most helpful.
Therefore it seems that,
a) we should not specify DKIM in a way that makes either scenario
automatically break -- where "automatically" means that a user of DKIM
might, on their own, do something to break one or another scenario -- and
b) we should not recommend or require either scenario, although
non-normative discussion could provide helpful pedagogy, to show DKIM's
possible flexibility.
Nice summary,
S.
_______________________________________________
ietf-dkim mailing list
http://dkim.org