ietf-dkim

Re: [ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures

2010-04-27 12:37:24
-----Original Message-----
From: Jeff Macdonald [mailto:macfisherman(_at_)gmail(_dot_)com]
Sent: Tuesday, April 27, 2010 10:05 AM
To: McDowell, Brett
Cc: Murray S. Kucherawy; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
should strip DKIM signatures

That's interesting.  Let's make this concrete... I'll use myself as
an example.

X = me/PayPal.com
Y = this list/ietf-dkim(_at_)mipassoc(_dot_)org
Z = Google's Gmail service [1]

It is my assumption that someone subscribed to this list has a
gmail.com account (or a Yahoo.com account [2]).  Therefore, my use case
is simple.  I would hope that those of you reading this from your Gmail
or Yahoo! accounts actually receive this message.  If Z breaks the
signature, you won't see this.

How about Y breaking the signature? I see your message only because I
told gmail's filtering system to not put messages into the spam folder
for this list. Otherwise it would have gone into the spam folder.
Looking at the source of the message, I only see the list's DKIM
signature.

Y breaking the signature isn't relevant (in this hypothesis).  Y also says when 
it got the message from X, X's signature was intact.  That Y messed up the 
signature, making Z unable to verify it directly, is not important; Z trusts Y, 
so Z trusts Y's Authentication-Results: that says X's signature was fine when 
it got to Y.

Should the policy statements be ignored at that point?

In this hypothesis, they could be.  Or, they could be applied.  If X's ADSP 
says "all" or "discardable", and Z trusts Y, and Y claims X's message had a 
valid signature, ADSP is satisfied.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
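
The evaluation described in the reply above (Z accepts Y's Authentication-Results for X's signature and treats ADSP as satisfied), as an added example that is not part of the original message. The authserv-id `lists.example.org`, the domain `sender.example`, the function names and the sample message are constructed for illustration; the example assumes Z has already verified Y's own DKIM signature and that it covers Y's Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: authserv-ids of forwarders (Y) that the receiver (Z) trusts.
TRUSTED_FORWARDERS = {"lists.example.org"}

# Constructed sample: the second header stands for one written by the sender.
SAMPLE = """\
Authentication-Results: lists.example.org; dkim=pass header.d=sender.example
Authentication-Results: mx.untrusted.example; dkim=pass header.d=sender.example
From: Author <author@sender.example>
Subject: constructed sample

body
"""

def author_domain(msg):
    """Domain of the From: address, which is what ADSP keys on."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def forwarder_vouches(msg, trusted=TRUSTED_FORWARDERS):
    """True if a trusted Authentication-Results header reports dkim=pass
    for a signature whose d= equals the author domain."""
    domain = author_domain(msg)
    for raw in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = " ".join(raw.split()).partition(";")
        if (authserv_id.split() or [""])[0].lower() not in trusted:
            continue  # not written by a forwarder Z trusts
        for resinfo in results.split(";"):
            if not re.match(r"\s*dkim\s*=\s*pass\b", resinfo, re.I):
                continue
            signer = re.search(r"\bheader\.d\s*=\s*([^\s;]+)", resinfo, re.I)
            if signer and signer.group(1).lower() == domain:
                return True
    return False

def adsp_satisfied(msg, practice, direct_sig_ok, forwarder_sig_ok):
    """practice: X's published ADSP value. direct_sig_ok / forwarder_sig_ok:
    results of Z's own DKIM checks of X's and Y's signatures (inputs here)."""
    if practice not in ("all", "discardable"):
        return True  # "unknown": nothing to enforce
    if direct_sig_ok:
        return True
    # Y's header counts only when Y's own signature verified at Z.
    return bool(forwarder_sig_ok) and forwarder_vouches(msg)

if __name__ == "__main__":
    print(adsp_satisfied(message_from_string(SAMPLE), "all", False, True))
```

Matching on `header.d` rather than `header.i` keeps the check aligned with ADSP, which requires the signing domain itself to equal the author domain.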
