On 4/23/2010 6:50 AM, MH Michael Hammer (5304) wrote:
If John is making some assertion of responsibility for his message by
signing, what is the limit of his responsibility as the message flows through
the ecosystem? Where is the RFC that says his signature should be stripped?
Most importantly, where is the specification that says a DKIM signature
overrides The MailFrom address?
If the list stripped his signature and someone modified what he wrote is this
a failure of DKIM or is it something else? What are we collectively (and
individually) trying to achieve if we are signing the body and not just the
headers?
If a list already knows it should strip DKIM signatures, isn't also likely that
the list will be able to sign?
We have no empirical data that the presence of a list signature AND an author
signature will produce the wrong results (for some definition of wrong.)
When the person hit the "this is SPAM" button were they referring to John's
message or were they referring to mail from the list? How do we know?
good questions.
If there were more than one valid signature on the message where would Yahoo
send the report?
We should ask Yahoo.
Where should Yahoo send the report?
Yup.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html