Paul Hoffman wrote:
At 2:05 PM -0800 3/15/06, Michael Thomas wrote:
And then what? What would you have my receiver do differently just
because some random third party inserted a signature?
There is no "random third party" here. It is a mailer that the user
gets mail from. The signature would match the content of the message
that they got, including list-specific content such as List-* headers,
the possibly-munged Subject line, and the possibly-munged body.
How does a receiver know the difference between a "mailer" and a
"random third party"? Are you saying that you, Paul, can tell the
difference? That's substantially different than a piece of software
trying to do the same.
What they would do differently is validate the signature, see that it
is from someone who is supposed to be signing the message, and accept
it, just like they do for regular mail.
How do I, as a receiver, determine "who is supposed to be signing the
message"?
It's not from the From: address as that's from the originating domain.
And any
random spoofer can insert a Sender: and sign that message. You're making
pretty big assumptions that I, as a receiver, have any clue as to what the
relationship between the purported from and the mailing lists it
traverses are.
In fact, we at Cisco have absolutely no clue about that at all, and I'd
be pretty
surprised to hear that anybody of any size has any more clue.
The fact that the WG has not yet decided how to handle multiple
signatures does not mean that it won't in the future.
I'm not saying that. I merely said that your example does not require that
you drag that unfinished piece of business into the discussion.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html