Damon wrote:
But there is a residual problem. Suppose jdoe(_at_)mipassoc(_dot_)org is a
subscriber to this list and someone spoofs a message from
jdoe(_at_)mipassoc(_dot_)org to the list. ietf-dkim(_at_)mipassoc(_dot_)org
accepts the
message and sends it to isp.com, their Authorized Signing Domain, and it
is signed and sent. Is the signature from jdoe (the author) or
ietf-dkim (the mailing list)? Without Authorized Signing Domains, you
could tell by looking at the local-part of i=. But now you can't. I
think this is an important distinction, even if it only applies in a
subset of use cases.
-Jim
Should mailing lists sign messages?
I believe they should.
If they did, wouldn't it be a 3rd party sig?
Yes.
If we were able to say "No third party can sign for me" it would stop
the spoof.
But the signature from the mailing list adds value (it says the message
is really from the list), so many domains would not want to express that
policy. What's needed is a way to unambiguously interpret the role of
the signature (i.e., is it a signature representing the author or the
mailing list) and the SSP delegation proposal has made that ambiguous in
some cases.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html