ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] list expanders (was Re: chained signatures, was l= summary)

2009-06-19 07:39:22
On Wed, 17 Jun 2009 12:53:25 +0100, hector 
<gmail(_dot_)sant9442(_at_)winserver(_dot_)com>
wrote:

Charles Lindsey wrote:

So there remain only two things he did _not_ do, which he might have  
done:

-7. His signature did NOT cover the A-R he had added (so we have to  
assume
that it was not an artefact by the spammer, although it most certainly
SHOULD have been removed if it was). So we may well "believe" the list
manager had put it there, but it would be nicer to have had some proof.

+1, I think it makes sense to bind the A-R recording of a stripped
original signature.

+1 to that. It is what I have been saying all along.

-8. The list manager did not retain the original (and now broken)  
original
signature. Tnere are certainly some on this list who would have  
preferred
to see it left ("for forensics").

Or changed to X-DKIM-Signature and bind this also in  the new signature.

And +1 to that. It prevents subsequent verifiers from worrying about that
signature any more, but retains the opportunity for Sleuths, Conspiracy
Theorist or just the Plain Curious to work out what had gone wrong, and
possibly even to try to verify that signature by reversing the changes
which had broken it.

But all this tends to cnfirm my view that we need some BCP document to
encourage Mailing Lists to behave in some consistent way.



-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>