On May 10, 2010, at 11:59 AM, John R. Levine wrote:
Apart from ADSP rules, a broken signature must be treated as if there was no
signature at all. That in itself is not the problem. The problem with broken
signatures is that people will not buy into a technology (DKIM) if it will
not cover a significant part of their e-mail.
Of course. That's why MLMs should sign their mail, or equvalently the MSA
they use should sign it. Problem solved, right?
Free bonus: MLMs can sign the list mail even if the contributor didn't
sign it.
+1. It's pretty much a non-issue (unless you believe that DKIM is
magic fairy dust that will prevent all "fraudulent use of your brand").
It'd be nice if mailing lists didn't go out of their way to delete or
invalidate existing signatures, but if they happen to invalidate the
signature inbound it doesn't really break anything any sensible recipient
will be relying on, especially if the list signs all the mail it emits.
(I'd be much more concerned if the same issues cropped up with
end-user forwarding services, like acm.org, but they seem much
less likely to invalidate signatures than discussion lists.)
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html