On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote:
Something like: X sends to a list at Y that then relays to Z; Z trusts Y to
implement DKIM and Authentication-Results and all that properly, so Z
believes Y when it says "X had a signature on here that verified" even if X's
signature on arrival at Z is either invalid or absent.
That's interesting. Let's make this concrete... I'll use myself as an example.
X = me/PayPal.com
Y = this list/ietf-dkim(_at_)mipassoc(_dot_)org
Z = Google's Gmail service [1]
It is my assumption that someone subscribed to this list has a gmail.com
account (or a Yahoo.com account [2]). Therefore, my use case is simple. I
would hope that those of you reading this from your Gmail or Yahoo! accounts
actually receive this message. If Z breaks the signature, you won't see this.
So if it simply isn't practical to expect lists to maintain the signature, then
offering the option for the list to validate the signature coming from X and
send a new signature to Z that Z *can* (but doesn't have to) "trust", is
something immediately useful.
Murray, is this what you discussed supporting in IETF #77? If yes, what's the
status?
-- Brett
[1] https://www.thepaypalblog.com/2008/07/google-joins-th/
[2] https://www.thepaypalblog.com/2007/10/yahoo-paypal-an/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html