Eliot Lear wrote:
l= provides a benefit when the SIGNERS sign, and mailing lists DON'T
DISTURB. This does happen, although we can debate how often.
About 95% of the time at Cisco. There's nothing to debate because we had
hard
evidence.
The key
point is that if the mailing lists employ an anti-spam check and resign,
there is probably no need for l=. This to me means that l= should be
viewed as a Time To Market function to have more valid signatures out
there, and is best obviated by deployment of DKIM in mailing list
software. That's happened in some place, but not enough.
I stand by my point that it is perfectly feasible to mitigate any risks
that l= introduces. But. Those risks DO have to be mitigated.
So here's where I come down: nuke l=, but get the mailing list software
people to sign. The big one I would want to tackle is MailMan.
FWIW: I tried to do exactly that -- I had a Python DKIM signer ready to go
with buy-in from the Mailman folks, but Cisco legal failed. However..
Mailing list software developers have exactly zero control over whether
people
sign messages or not. Whether mailing list software has the ability to
sign or
not isn't the major impediment. Indeed, putting it in the mailing list
software --
or any other independent mail generator -- just leads to administrative
hassles.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html