At 05:46 13-06-2009, J.D. Falk wrote:
> In this reality, intermediaries change messages. Sounds like a few folks on
> this list don't want messages to undergo drastic changes when passing
> through intermediaries, and thus are arguing against any attempt to use DKIM
> to "legitimize" what they view, Quixotically, as illegitimate behavior. But
> DKIM /will/ be applied in situations where intermediaries change messages,
> because that is a reality of email today.

There were more than a few people who actually argued for messages
not to be changed. If that wasn't done, it would not have been
worthwhile to deploy DKIM as the amount of "bad" signatures was too
large compared to "good" signatures. There's also the case of list
expanders. A very large number of messages generated by sites using
a particular list expander invalidated DKIM signatures due to
"webvertized" content injected as footers and some other
modifications to the message. This was well before this mailing list
was DKIM signing its messages. The problem has not been solved yet
but it was mitigated by the removal of the DKIM signature header.

For those of you criticizing the owner of this mailing list for the
"rsa-sha1", I'll point out that there are some operational
considerations for that. If it wasn't for SHA1, there would be even
fewer people using DKIM. That doesn't mean that we should encourage
the use of SHA1.

The people who use DKIM won't even read RFC 4871. FWIW, it wasn't
even published when some of the trade-offs were made. The bottom
line is that the effort was to figure out how to make the
specifications work out for us and for the users who are not
subscribed to this mailing list.

Coming back to the subject of list expanders, I'll skip the A-R angle
as there are other venues to talk about it. The question is whether
to consider the author's signature, the mailing list signature or
both. Sometimes you know the author and you'll choose to pass the
message through. But if you rely on that alone, then you are only
doing selective "acceptance" of the mailing list traffic which goes
against how a mailing list operates. There's a well-known mailing
list that suffers from a spam problem. If the messages are accepted
based on the mailing list signature alone (that mailing list is not
using DKIM at the moment), you are allowing spam into your mailbox.

Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
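
Why a footer injected by a list expander invalidates the author's signature, as an added example that is not part of the original message: it computes the DKIM body hash under both canonicalizations and compares the signed body with what is delivered. The sample bodies, the footer and the function names are constructed for illustration; only the body hash is checked, not the RSA signature over the headers.

```python
import base64
import hashlib
import re


def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """DKIM body canonicalization, RFC 4871 sections 3.4.3 and 3.4.4."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("mode must be 'simple' or 'relaxed'")
    # Simplification: a bare LF is treated as a line ending, like CRLF.
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse runs of SP/HTAB to one SP, then drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # An empty body hashes as CRLF in simple mode, as nothing in relaxed.
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str = "relaxed", algo: str = "sha256") -> str:
    """Value a signer puts in bh= (algo is 'sha1' or 'sha256')."""
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


def body_hash_survives(signed: bytes, delivered: bytes,
                       mode: str = "relaxed", algo: str = "sha256") -> bool:
    """True if the body a verifier receives still matches the signer's bh=."""
    return body_hash(signed, mode, algo) == body_hash(delivered, mode, algo)


# Constructed sample bodies (not taken from any real message).
AUTHOR_BODY = b"Hello list,\r\n\r\nDKIM signs a hash of the body.\r\n"
# Whitespace-only changes, as a relay that re-spaces lines might make.
RESPACED = b"Hello list,  \r\n\r\nDKIM  signs a hash\tof the body.\r\n\r\n\r\n"
# What a list expander delivers after appending a footer.
WITH_FOOTER = AUTHOR_BODY + b"-- \r\nSponsored: http://ads.example.invalid/\r\n"

if __name__ == "__main__":
    for name, delivered in (("respaced", RESPACED), ("footer", WITH_FOOTER)):
        for mode in ("simple", "relaxed"):
            ok = body_hash_survives(AUTHOR_BODY, delivered, mode)
            print(f"{name:9} c=*/{mode:8} body hash {'ok' if ok else 'FAILS'}")
```

Relaxed canonicalization absorbs the whitespace-only changes, but neither mode tolerates the appended footer, with SHA1 or SHA256.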