-----Original Message-----
From: John Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Friday, April 23, 2010 2:34 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Cc: Murray S. Kucherawy
Subject: Re: [ietf-dkim] Why mailing lists should strip DKIM signatures

>> If I'm running a mailing list and I get a piece of signed mail, I'm
>> certainly not removing its signature. The signer's reputation should
>> suffer if people complain, or benefit in the absence of a complaint.

> Well, gee, in that case since I don't control or even know the way you
> manage your lists, I don't dare sign anything I send you. If you (the
> generic you, not Murray) start to do a lousy job of managing your
> lists, why is that your subscribers' problem?

If you begin to get complaints because you are on some list whose owner isn't
bothering to conduct list hygiene, I would imagine you'd ultimately unsubscribe
from the list and find or create another one that's properly managed. And I
imagine a lot of other members of that list would follow, even if only because
you all also find the overall list's content to be irritating.

In terms of reputation systems that might rely on DKIM, I doubt a single
incident would or should be enough to clobber your reputation entirely. And in
fact I'd want my good content to hit some lists signed so that more receivers
get a chance to collect data that I'm a good guy.

I don't think it's a big stretch to think as reputation rolls out, people will
be more discerning about how and where they send mail.

>> Even without thinking of the FBL issues, I would want a reputation
>> system to be fully informed about a candidate system rather than
>> only partially informed.

> Me too. Mail from the list is the responsibility of the list. QED and
> all that.

But if you redact the original signature, you're only providing some of the
information that could be provided to the receiver.

>> I spoke to a couple of people about this in Anaheim: A way of using
>> DKIM and Auth-Results to establish a definite chain of custody of a
>> message would be highly useful.

> Hmmn. Was this in the context of mailing lists, or in general?

Lists, specifically, in that instance. Something like: X sends to a list at Y
that then relays to Z; Z trusts Y to implement DKIM and Authentication-Results
and all that properly, so Z believes Y when it says "X had a signature on here
that verified" even if X's signature on arrival at Z is either invalid or
absent.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
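The X -> Y -> Z chain-of-custody scheme sketched at the end of the message above, as an added worked example (not code from the thread or from any DKIM implementation): Z reads the Authentication-Results headers on arrival, honours only those whose authserv-id belongs to a relay Z has chosen to trust, and honours even those only when that relay's own DKIM signature still verifies at Z, so the relay's verdict about X is bound to something Z can check. Assumptions made here: the trusted-relay set, that each relay uses its DKIM d= domain as its authserv-id, the example.org/example.net names, and a stubbed `verified_at_z` dictionary standing in for a real DKIM verifier. The header parser is a simplified subset of RFC 5451, and all messages are constructed.

```python
"""
Chain-of-custody evaluation at receiver Z for list-relayed mail (illustrative):
X signs, list Y verifies X, records the verdict in Authentication-Results,
re-signs and relays; Z credits X on Y's say-so only if Y is trusted and Y's
own signature verifies at Z.  Assumption: a relay's authserv-id equals its
DKIM d= domain.  All sample messages are constructed.
"""
import re
from email import message_from_string

# Assumption: list operators Z has chosen to trust (policy, not protocol).
TRUSTED_RELAYS = {"lists.example.org"}
# Z's own authserv-id. RFC 5451 tells a border MTA to strip inbound headers
# claiming its own authserv-id; here we simply ignore them.
LOCAL_AUTHSERV_ID = "mx.example.net"


def parse_authentication_results(value):
    """Return (authserv_id, [{method, result, props}, ...]) or None."""
    value = re.sub(r"\([^)]*\)", "", " ".join(value.split()))  # unfold, drop CFWS comments
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return None
    authserv_id = parts[0].split()[0].lower()  # drop the optional version token
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if "=" not in tokens[0]:
            continue  # the bare "none" result carries no method
        method, result = tokens[0].split("=", 1)
        props = {}
        for tok in tokens[1:]:
            if "=" in tok:
                key, val = tok.split("=", 1)
                props[key.lower()] = val.strip('"').lower()
        results.append({"method": method.lower(), "result": result.lower(), "props": props})
    return authserv_id, results


def credited_signers(raw_message, verified_at_z):
    """
    Signing domains Z should credit for this message.

    verified_at_z maps each DKIM d= domain present on arrival to the outcome
    of Z's own verification (a stub here instead of running a DKIM verifier).
    """
    msg = message_from_string(raw_message)
    credited = {d.lower() for d, ok in verified_at_z.items() if ok}
    for raw in msg.get_all("Authentication-Results", []):
        parsed = parse_authentication_results(raw)
        if parsed is None:
            continue
        authserv_id, results = parsed
        if authserv_id == LOCAL_AUTHSERV_ID:
            continue  # forged claim of our own verdict
        if authserv_id not in TRUSTED_RELAYS:
            continue  # untrusted relay: its verdicts carry no weight
        if not verified_at_z.get(authserv_id):
            continue  # relay did not sign, or its signature broke: chain is broken
        for r in results:
            if r["method"] == "dkim" and r["result"] == "pass" and "header.d" in r["props"]:
                credited.add(r["props"]["header.d"])
    return credited


# Constructed: X = sender.example posted to Y = lists.example.org, which added a
# footer (breaking X's signature), recorded its verdict, and re-signed.
RELAYED = """\
Authentication-Results: lists.example.org;
  dkim=pass (good signature) header.d=sender.example header.i=@sender.example
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list; h=from:to:subject; bh=...; b=...
DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=mail; h=from:to:subject; bh=...; b=...
From: alice@sender.example
To: ietf-dkim@lists.example.org
Subject: [ietf-dkim] chain of custody

Hello list.
_______________________________________________
footer added by the list
"""

# Constructed: same message with two bogus headers prepended, one forging Z's
# own verdict and one from a relay Z does not trust.
FORGED = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=evil.example\n"
    "Authentication-Results: lists.untrusted.example; dkim=pass header.d=evil.example\n"
    + RELAYED
)


def demo():
    ok = {"lists.example.org": True, "sender.example": False}
    good = credited_signers(RELAYED, ok)        # X credited via Y
    forged = credited_signers(FORGED, ok)       # bogus claims ignored
    broken = credited_signers(RELAYED, {"lists.example.org": False, "sender.example": False})
    return good, forged, broken


if __name__ == "__main__":
    for name, got in zip(("relayed", "forged", "broken"), demo()):
        print(f"{name}: {sorted(got)}")
```

The check that ties the relay's verdict to the relay's own verifying signature is the part that makes this a chain of custody rather than a trust-me header: anyone in the path can add an Authentication-Results line, but only the list can produce a signature with its d= domain that verifies at Z.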