On 18/May/10 07:08, John Levine wrote:
A DKIM-aware resending MLM is encouraged to sign the entire message
as it arrived, especially including the original signatures.
Would I as an MLM want to resign a message that I received that itself
was not signed? Do I want to confer more authority to that message than
is warranted?
Yes, of course. The signature means that this message really truly
came from the mailing list, as opposed to being a random piece of spam
that happened to resemble list mail.
+1. However, may I ask how does the verifier know which signature is
the one that belongs to the list? I can think of
* look at the MAIL FROM domain, à la SPF (breaks forwarding),
* have the list's domain in a white list (requires maintenance),
* use some of the "List-*" fields (which one?)
Apparently, section 5.4 doesn't cover this point.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html