On May 11, 2009, at 8:29 AM, Eliot Lear wrote:
> On 5/11/09 5:09 PM, Steve Atkins wrote:
>> On May 11, 2009, at 3:55 AM, Charles Lindsey wrote:
>>
>> I could conceivably see this being an issue on an acm.org style
>> forwarder, if there were one that modified the content it forwarded,
>> but not a normal mailing list. I don't think that's a likely use
>> case, though.
>
> Sorry- I'm not quite sure what you're saying here. That an
> ACM.ORG-like forwarding address is likely or that they would tag
> something to the bottom of a message?

I think it unlikely that they would modify the message, while not
taking any responsibility for the message content.

A simple .forward style forwarder is fine, as it doesn't modify the
content.

A forwarder that does modify the content in any way will invalidate
DKIM signatures that do not use l= [1]. Because of that it will need
to take that into account operationally, probably by signing with its
own signature on outbound and maybe validating signatures on inbound
mail [2].

Whatever it does to handle forwarding of non-l=-using DKIM signed
email correctly will also mean that it also forwards l=-using DKIM
signed mail correctly, meaning l= adds no obvious value there.

Cheers,
Steve

[1] it'll likely invalidate ones that do use l= too, but that's not
important here.

[2] One of the more plausible use cases for the Authentication-Results
header, where the header shows the results of inbound DKIM validation
and is signed by the forwarder's signature on outbound mail.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
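
Added example, not part of the original message: a Python sketch of the DKIM body-hash check (bh=, RFC 6376 relaxed body canonicalization) for the three forwarder behaviours discussed above, with and without l=. The message bodies and the alumni.example name are constructed, and only the body hash is modelled, not the header signature, so a forwarder that also rewrites signed headers fails in every case.

```python
import base64
import hashlib
import re

def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split(b"\r\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                      # drop trailing empty lines
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, l=None) -> str:
    """bh= value: SHA-256 over the canonical body, cut to l octets if l= is set."""
    canon = canon_body_relaxed(body)
    if l is not None:
        if l > len(canon):
            raise ValueError("l= exceeds canonical body length")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def survives(original: bytes, forwarded: bytes, use_l: bool) -> bool:
    """True if the bh= computed at signing still matches after forwarding."""
    l = len(canon_body_relaxed(original)) if use_l else None
    signed_bh = body_hash(original, l)
    try:
        return body_hash(forwarded, l) == signed_bh
    except ValueError:                   # body shorter than l=: verification fails
        return False

# Constructed sample bodies (headers omitted).
ORIGINAL = b"Hello list,\r\n\r\nThe meeting is on Tuesday.\r\n"
UNMODIFIED = ORIGINAL                    # .forward-style relay, no changes
FOOTER_ADDED = ORIGINAL + b"-- \r\nForwarded by alumni.example\r\n"
BODY_REWRITTEN = ORIGINAL.replace(b"Tuesday", b"[tagged] Tuesday")

def report():
    """Map each forwarder behaviour to (survives without l=, survives with l=)."""
    cases = {"unmodified": UNMODIFIED, "footer added": FOOTER_ADDED,
             "body rewritten": BODY_REWRITTEN}
    return {name: (survives(ORIGINAL, fwd, False), survives(ORIGINAL, fwd, True))
            for name, fwd in cases.items()}

if __name__ == "__main__":
    for name, (no_l, with_l) in report().items():
        print(f"{name:15} without l=: {no_l!s:5}  with l=: {with_l}")
```

Only the appended-footer case differs between the two columns; a forwarder that re-signs outbound mail handles all three cases the same way regardless of l=.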