What is not clear to me is the benefit of a mailing list signature
that is required to vouch for the authenticity of someone elses
FROM: address.
It's vouching for the authenticity to the extent that it's promising
that this is the same From: address that was on the message when the
list sent it out. It's the same promise that every DKIM signature
makes.
I am concerned that the FROM: address is becoming a conceptual
bottle neck, and would like to see a solution that allows mailing
lists and other forwarders to sign mail ("as I forwarded this")
without implied claims about the authenticity of the FROM: address.
As far as I know, no DKIM signature, from anyone, ever makes any
claims about the authenticity of the From: address. A DKIM signature
is a statement from the signing domain that "this is mine", not "this
is real".
Perhaps some grandson-of-SSP will let signers publish assertions
about the semantics of their signatures, but that is vastly beyond
the scope of anything we're considering now.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org