ietf-dkim

Re: [ietf-dkim] Resigner Support of RFC 5617 (ADSP)

2009-10-12 12:23:13
On Sat, 10 Oct 2009 07:05:13 +0100, John Levine <johnl(_at_)iecc(_dot_)com> 
wrote:

People who contribute to mailing lists shouldn't say dkim=all. ...

But the user within some large domain that wants to join some mailing list
has no control over what ADSP his sysadmins have set up - so it all gets
caught up in company policy and what the company management has decreed
(without, as is customary, consulting the people affected).

But, as I have explained many times before, there is a simple solution to  
this problem. If the listadmin has munged the message so as to break the  
original signature, he will be aware of the fact and so should insert an  
Authentication-Results header testifying that the signature was fine when  
he received it, and he should then resign the message INCLUDING THE
AUTHENTICATION-RESULTS IN HIS SIGNATURE.

Then all will be OK if the ultimate recipient trusts the listadmin. But if
that is to be a recommended practice, then it needs to be documented as such.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
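
A recipient-side check for the arrangement proposed in the message above, as an added example that is not part of the original post: it confirms that the list's DKIM-Signature lists Authentication-Results in its `h=` tag and that the covered header reports `dkim=pass` for the author's domain. The helper name, the sample message and all domains are constructed, and the code assumes the list's signature has already been verified cryptographically and that the list's authserv-id equals its signing domain.

```python
import email
import re

# Constructed sample of a list-forwarded message; every domain and value is made up.
SAMPLE = """\
Authentication-Results: lists.example.org; dkim=pass header.d=bigcorp.example
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list1;
 h=from:to:subject:date:authentication-results; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=bigcorp.example; s=mail;
 h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: user@bigcorp.example
To: list@lists.example.org
Subject: [list] hello
Date: Mon, 12 Oct 2009 12:23:13 +0100

Body as modified by the list; the bigcorp.example signature no longer verifies.
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = re.sub(r"\s+", "", val)
    return tags

def list_vouches_for_author(raw, list_domain, author_domain):
    """True if the list's signature covers an A-R header, written by the list,
    that reports dkim=pass for author_domain. Hypothetical helper: it checks
    structure only and assumes the list's signature itself already verified."""
    msg = email.message_from_string(raw)
    covered = False
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        signed = tags.get("h", "").lower().split(":")
        if tags.get("d", "").lower() == list_domain and "authentication-results" in signed:
            covered = True
    vouched = False
    for ar in msg.get_all("Authentication-Results", []):
        parts = ar.split(";")
        authserv_id = (parts[0].split() or [""])[0].lower()
        if authserv_id != list_domain:  # assumption: authserv-id equals the list's d=
            continue
        for resinfo in parts[1:]:
            if re.search(r"\bdkim\s*=\s*pass\b", resinfo, re.I) and re.search(
                r"\bheader\.d\s*=\s*" + re.escape(author_domain) + r"(?![\w.-])", resinfo, re.I):
                vouched = True
    return covered and vouched
```

An Authentication-Results header that the list's signature does not cover could have been added or altered by anyone downstream of the list, which is why the check requires it in `h=`.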