On Sat, 28 Mar 2009 01:09:29 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
> 2. It has been noted that a domain might have different reasons for
> signing a message. It might, for example, sign a message on behalf of a
> mailing list manager operating in that domain. When Author Signature is
> based on a d= comparison alone, any signature from the same domain as
> the author is assumed to be a signature representing the original
> introduction of the message into the mail stream. That may or may not
> be an important distinction, but I'm pointing out that information is
> lost and I'm not sure we have enough experience to say that we don't
> need it.
I don't think that is quite right. Suppose foo.example has declared that
it signs everything, with strength "Discardable". Then four possibilities
arise:
                                       Valid signature        Absent/broken signature
                                       from foo.example       from foo.example
From: someone(_at_)foo(_dot_)example   ACCEPT                 DISCARD
From: someone(_at_)bar(_dot_)example   ???????                ????????
The first two cases are obvious. The second two are Jim's example. What to
do?
I think he misunderstands the meaning of "Discardable". It does not mean
"Everything we sign is From: us". It means "Everything From: us is signed
by us".
So, in the second two cases, the semantics already prescribed by ADSP is:
Assuming there is no second signature by bar.example, LOOK UP the ADSP
record for _bar.example_, and if that says "Discardable" then DISCARD it.
IOW, if some user at a Discardable domain sends email to a list, it had
better be signed before it reaches the list, and the list expander had
better not break that signature.
But if the Discardable domain operates a list expander for a list that
anyone may post to, then it will naturally sign the expanded messages (and
it would be polite to add i=lists(_at_)foo(_dot_)example), but there is no
implication that anything should or should not be Discarded (though
perhaps Assessors might possibly do so if Sender: was not by that domain -
list expanders being supposed to set Sender).
In the words of Dave Crocker,
OK. Start shooting.
FX: Bang!
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
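The decision procedure Charles lays out (look for an Author Domain Signature first; if none, look up the ADSP record of the From: domain; discard only when that record says "discardable") as an added Python example. This is not code from the message, from the draft, or from any DKIM implementation. The ADSP_RECORDS table is a constructed stand-in for the DNS TXT lookup at _adsp._domainkey.<domain>, the result names follow the dkim-adsp values later standardized in RFC 5617, and the four rows of the table above are run through it, plus the case where bar.example's own signature is also present.

```python
from enum import Enum


class Policy(Enum):
    """ADSP assertion a domain publishes (the dkim= tag value)."""
    UNKNOWN = "unknown"
    ALL = "all"
    DISCARDABLE = "discardable"


# Constructed stand-in for the DNS TXT lookup at _adsp._domainkey.<domain>.
# A domain absent from this table has published no ADSP record at all.
ADSP_RECORDS = {
    "foo.example": Policy.DISCARDABLE,
    "bar.example": Policy.DISCARDABLE,
    "baz.example": Policy.ALL,
}


def lookup_adsp(domain):
    """Return the published policy for `domain`, or None when no record exists."""
    return ADSP_RECORDS.get(domain.lower())


def author_domain(from_header):
    """Extract the domain of the address in a From: header value.

    Handles both 'user@domain' and 'Display Name <user@domain>' forms.
    """
    addr = from_header.strip()
    if "<" in addr and ">" in addr:
        addr = addr[addr.index("<") + 1 : addr.index(">")]
    return addr.rsplit("@", 1)[1].strip().lower()


def evaluate_adsp(from_header, valid_signature_domains):
    """Apply ADSP to one message.

    valid_signature_domains: the d= values of the DKIM signatures that verified.
    Returns (adsp_result, action). Only a 'discard' result leads to DISCARD;
    every other result leaves the message to be handled as ordinary unsigned mail.
    """
    domain = author_domain(from_header)
    signed_by = {d.lower() for d in valid_signature_domains}

    # An Author Domain Signature (d= equal to the From: domain) satisfies ADSP
    # outright. A signature from any other domain, e.g. a list expander at
    # foo.example signing mail From: bar.example, does not count here.
    if domain in signed_by:
        return ("pass", "ACCEPT")

    policy = lookup_adsp(domain)
    if policy is None:
        return ("none", "ACCEPT")       # the From: domain asserts nothing
    if policy is Policy.UNKNOWN:
        return ("unknown", "ACCEPT")    # the domain may or may not sign
    if policy is Policy.ALL:
        # The domain claims to sign everything and this message is unsigned,
        # but "all" does not ask the receiver to discard.
        return ("fail", "ACCEPT")
    return ("discard", "DISCARD")       # dkim=discardable and no author signature


def table_cases():
    """The four cells of the table in the message, plus the two-signature case."""
    return {
        "foo / valid foo sig": evaluate_adsp("someone@foo.example", ["foo.example"]),
        "foo / no sig": evaluate_adsp("someone@foo.example", []),
        "bar / valid foo sig only": evaluate_adsp("someone@bar.example", ["foo.example"]),
        "bar / no sig": evaluate_adsp("someone@bar.example", []),
        "bar / foo and bar sigs": evaluate_adsp("someone@bar.example", ["foo.example", "bar.example"]),
    }


if __name__ == "__main__":
    for label, (result, action) in table_cases().items():
        print(f"{label:26} dkim-adsp={result:8} -> {action}")
```

The two "???????" cells both resolve to DISCARD when bar.example publishes "discardable", because the foo.example signature is not an Author Domain Signature for that message; they resolve to ACCEPT only when bar.example's own signature survived the list expander intact.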