Franck Martin wrote:
> I see a problem with I allow 3rd party signers. In the case of
> a mailing list or forwarder or remailer, it may sign without the
> knowledge of the original sender which is acceptable.

I just noticed this mailing list is signing as a 3rd party:

    From: Hector Santos <hsantos(_at_)santronics(_dot_)com>
    DKIM-Signature: d=mipassoc.org;

In all honesty I am not sure I like this. I have to check to see if
the mail is verified or the hash integrity is broken. How is the MLS
signing the subject line, the original or one with the [IETF-DKIM]
prepended?
On a related note, when SSP was active, I had proposed for Mailing
List Server (MLS) the following logic, something I considered for our
own MLS product as well for DKIM support:

    Subscription Controls

    MLS subscription processes should perform an SSP check to
    determine if a subscribing email domain SSP policy is
    restrictive in regards to mail integrity changes or
    3rd party signatures. The MLS SHOULD only allow original
    domain policies that allow 3rd party signatures.

Reading the ADSP draft....
http://tools.ietf.org/html/draft-ietf-dkim-ssp-09
I see if I add an ADSP record for santronics.com

    dkim=all or
    dkim=discardable

then for protocol consistency, the mipassoc.org MLS which now supports
DKIM signing, should also consider ADSP and look up the domain to see
if the DOMAIN is allowing 3rd party signatures. At the very least, it
should do this at the subscription process.
I think I am going to unsubscribe and subscribe under another domain.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
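
The subscription-time check proposed in the message above, as an added example that is not part of the original post or of any MLS product. It assumes the ADSP record is a TXT record at _adsp._domainkey.<domain>; the DNS data, the .example domains and all function names are constructed for illustration.

```python
# Constructed TXT data standing in for DNS so the example runs offline.
SAMPLE_TXT = {
    "_adsp._domainkey.strict.example": ["dkim = ALL ; x=1"],
    "_adsp._domainkey.discard.example": ["dkim=discardable"],
    "_adsp._domainkey.open.example": ["dkim=unknown"],
    "_adsp._domainkey.broken.example": ["v=spf1 -all"],  # not an ADSP record
}

# Practices under which a list that re-signs as a 3rd party conflicts
# with what the author domain has published.
RESTRICTIVE = {"all", "discardable"}


def lookup_txt(name, zone=SAMPLE_TXT):
    """Hypothetical resolver stub: return the TXT strings for a name."""
    return zone.get(name.lower().rstrip("."), [])


def parse_adsp(txt):
    """Lenient tag=value parse; return the dkim= value or None."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("dkim")


def subscription_decision(address, lookup=lookup_txt):
    """Return (action, practice) for a subscribing address.

    action is "refuse" when the author domain publishes dkim=all or
    dkim=discardable, otherwise "accept".
    """
    if address.count("@") != 1:
        raise ValueError("not a simple addr-spec: %r" % address)
    domain = address.split("@")[1].strip().lower()
    found = [parse_adsp(t) for t in lookup("_adsp._domainkey." + domain)]
    found = [p for p in found if p is not None]
    # No usable record, several records, or an unrecognised value:
    # treat the domain as publishing nothing restrictive.
    if len(found) != 1 or found[0] not in RESTRICTIVE:
        return ("accept", "unknown")
    return ("refuse", found[0])
```

A list server would swap lookup_txt for a real TXT query and could rerun the same check before each re-signed distribution, not only at subscription.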