On Fri, Apr 23, 2010 at 9:45 AM, Dave CROCKER <dhc(_at_)dcrocker(_dot_)net>
wrote:
On 4/23/2010 6:50 AM, MH Michael Hammer (5304) wrote:
If John is making some assertion of responsibility for his message by
signing, what is the limit of his responsibility as the message flows through
the ecosystem? Where is the RFC that says his signature should be stripped?
Most importantly, where is the specification that says a DKIM signature
overrides The MailFrom address?
Not everything is codified in RFC or elsewhere. If John sends email to
my mailing list, and I emit that mail to the world, and it garners
complaints, it strikes me based on custom and history that I am the
responsible party. John would not be. Not directly, anyway.
If the list stripped his signature and someone modified what he wrote is this
a failure of DKIM or is it something else? What are we collectively (and
individually) trying to achieve if we are signing the body and not just the
headers?
If a list already knows it should strip DKIM signatures, isn't also likely
that
the list will be able to sign?
No, because stripping the signature is currently easier than
generating a new one. Stripping the signature is just removing text.
Adding a new signature requires functionality not inherent to all MTAs
and MLMs.
We have no empirical data that the presence of a list signature AND an author
signature will produce the wrong results (for some definition of wrong.)
Yeah, but clearly the author signature alone can cause what somebody
here thinks to be an imperfect result.
I tend to agree with him. I've been stripping DKIM signatures on my
own hosted mailing lists for that reason, and also so I can modify
content on the fly without the original signature failing.
Regards,
Al Iverson
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html